Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-10917

In Eclipse OpenJ9 versions up to 0.47, the JNI function GetStringUTFLength may return an incorrect value which has wrapped around. From 0.48 the value is correct but may be truncated to include a smaller number of characters.

Published

2024-11-11T17:15:04.203

Last Modified

2025-01-09T18:08:16.097

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 3.7 (LOW)

Weaknesses

Type: Secondary
CWE-190
Type: Primary
CWE-190

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	eclipse	openj9	< 0.48.0	Yes

References

https://github.com/eclipse-openj9/openj9/pull/20362 Issue Tracking, Patch ([email protected])
https://github.com/eclipse-openj9/openj9/releases/tag/openj9-0.48.0 Release Notes ([email protected])
https://gitlab.eclipse.org/security/cve-assignement/-/issues/47 Issue Tracking, Vendor Advisory ([email protected])