CVE-2024-10917

In Eclipse OpenJ9 versions up to 0.47, the JNI function GetStringUTFLength may return an incorrect value which has wrapped around. From 0.48 the value is correct but may be truncated to include a smaller number of characters.

CVSS v3 3.7 LOW

3.7^/10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/eclipse-openj9/openj9/pull/20362	Issue Tracking Patch
https://github.com/eclipse-openj9/openj9/releases/tag/openj9-0.48.0	Release Notes
https://gitlab.eclipse.org/security/cve-assignement/-/issues/47	Issue Tracking Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:eclipse:openj9:*:*:*:*:*:*:*:*

History

09 Jan 2025, 18:08

Type	Values Removed	Values Added
CPE		cpe:2.3:a:eclipse:openj9::::::::
First Time		Eclipse openj9 Eclipse
References	~~() https://github.com/eclipse-openj9/openj9/pull/20362 -~~	() https://github.com/eclipse-openj9/openj9/pull/20362 - Issue Tracking, Patch
References	~~() https://github.com/eclipse-openj9/openj9/releases/tag/openj9-0.48.0 -~~	() https://github.com/eclipse-openj9/openj9/releases/tag/openj9-0.48.0 - Release Notes
References	~~() https://gitlab.eclipse.org/security/cve-assignement/-/issues/47 -~~	() https://gitlab.eclipse.org/security/cve-assignement/-/issues/47 - Issue Tracking, Vendor Advisory

12 Nov 2024, 13:55

Type	Values Removed	Values Added
Summary		(es) En las versiones de Eclipse OpenJ9 hasta la 0.47, la función JNI GetStringUTFLength puede devolver un valor incorrecto que se ha repetido una y otra vez. A partir de la 0.48, el valor es correcto, pero puede estar truncado para incluir una cantidad menor de caracteres.

11 Nov 2024, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-11-11 17:15

Updated : 2025-01-09 18:08

NVD link : CVE-2024-10917

Mitre link : CVE-2024-10917

CVE.ORG link : CVE-2024-10917

JSON object : View

Products Affected

eclipse

openj9

CWE

CWE-190

Integer Overflow or Wraparound

{"id": "CVE-2024-10917", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "emo@eclipse.org", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2024-11-11T17:15:04.203", "references": [{"url": "https://github.com/eclipse-openj9/openj9/pull/20362", "tags": ["Issue Tracking", "Patch"], "source": "emo@eclipse.org"}, {"url": "https://github.com/eclipse-openj9/openj9/releases/tag/openj9-0.48.0", "tags": ["Release Notes"], "source": "emo@eclipse.org"}, {"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/47", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "emo@eclipse.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "emo@eclipse.org", "description": [{"lang": "en", "value": "CWE-190"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-190"}]}], "descriptions": [{"lang": "en", "value": "In Eclipse OpenJ9 versions up to 0.47, the JNI function GetStringUTFLength may return an incorrect value which has wrapped around. From 0.48 the value is correct but may be truncated to include a smaller number of characters."}, {"lang": "es", "value": "En las versiones de Eclipse OpenJ9 hasta la 0.47, la funci\u00f3n JNI GetStringUTFLength puede devolver un valor incorrecto que se ha repetido una y otra vez. A partir de la 0.48, el valor es correcto, pero puede estar truncado para incluir una cantidad menor de caracteres."}], "lastModified": "2025-01-09T18:08:16.097", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:eclipse:openj9:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FCC7DE02-3642-44C5-BBA7-81914AB315E6", "versionEndExcluding": "0.48.0", "versionStartIncluding": "0.8.0"}], "operator": "OR"}]}], "sourceIdentifier": "emo@eclipse.org"}

3.7 /10