CVE-2024-10917

In Eclipse OpenJ9 versions up to 0.47, the JNI function GetStringUTFLength may return an incorrect value which has wrapped around. From 0.48 the value is correct but may be truncated to include a smaller number of characters.

CVSS v3 3.7 LOW

3.7^/10

CVSS v3 : LOW

Vector :

Exploitability : 2.2 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/eclipse-openj9/openj9/pull/20362	Issue Tracking Patch
https://github.com/eclipse-openj9/openj9/releases/tag/openj9-0.48.0	Release Notes
https://gitlab.eclipse.org/security/cve-assignement/-/issues/47	Issue Tracking Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:eclipse:openj9:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-11-11 17:15

Updated : 2025-01-09 18:08

NVD link : CVE-2024-10917

Mitre link : CVE-2024-10917

CVE.ORG link : CVE-2024-10917

JSON object : View

Products Affected

eclipse

openj9

CWE

CWE-190

Integer Overflow or Wraparound

{"id": "CVE-2024-10917", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.2}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2024-11-11T17:15:04.203", "references": [{"url": "https://github.com/eclipse-openj9/openj9/pull/20362", "tags": ["Issue Tracking", "Patch"], "source": "[email protected]"}, {"url": "https://github.com/eclipse-openj9/openj9/releases/tag/openj9-0.48.0", "tags": ["Release Notes"], "source": "[email protected]"}, {"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/47", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-190"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-190"}]}], "descriptions": [{"lang": "en", "value": "In Eclipse OpenJ9 versions up to 0.47, the JNI function GetStringUTFLength may return an incorrect value which has wrapped around. From 0.48 the value is correct but may be truncated to include a smaller number of characters."}, {"lang": "es", "value": "En las versiones de Eclipse OpenJ9 hasta la 0.47, la funci\u00f3n JNI GetStringUTFLength puede devolver un valor incorrecto que se ha repetido una y otra vez. A partir de la 0.48, el valor es correcto, pero puede estar truncado para incluir una cantidad menor de caracteres."}], "lastModified": "2025-01-09T18:08:16.097", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:eclipse:openj9:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FCC7DE02-3642-44C5-BBA7-81914AB315E6", "versionEndExcluding": "0.48.0", "versionStartIncluding": "0.8.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}