CVE-2019-17639 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2019-17639

Analyzed

More Info Official Page

Source-emo@eclipse.org

Published At-15 Jul, 2020 | 22:15

Updated At-12 Aug, 2020 | 14:04

In Eclipse OpenJ9 prior to version 0.21 on Power platforms, calling the System.arraycopy method with a length longer than the length of the source or destination array can, in certain specially crafted code patterns, cause the current method to return prematurely with an undefined return value. This allows whatever value happens to be in the return register at that time to be used as if it matches the method's declared return type.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	5.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary	2.0	5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N

Type: Primary

Version: 3.1

Base score: 5.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Type: Primary

Version: 2.0

Base score: 5.0

Base severity: MEDIUM

Vector:

AV:N/AC:L/Au:N/C:P/I:N/A:N

CPE Matches

Eclipse Foundation AISBL

>>openj9>>Versions up to 0.20.0(inclusive)

cpe:2.3:a:eclipse:openj9:*:*:*:*:*:*:*:*

Eclipse Foundation AISBL

>>openj9>>0.21.0

cpe:2.3:a:eclipse:openj9:0.21.0:-:*:*:*:*:*:*

Eclipse Foundation AISBL

>>openj9>>0.21.0

cpe:2.3:a:eclipse:openj9:0.21.0:milestone1:*:*:*:*:*:*

Eclipse Foundation AISBL

>>openj9>>0.21.0

cpe:2.3:a:eclipse:openj9:0.21.0:milestone2:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-843	Primary	nvd@nist.gov
CWE-843	Secondary	emo@eclipse.org

CWE ID: CWE-843

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-843

Type: Secondary

Source: emo@eclipse.org

References

Hyperlink	Source	Resource
https://bugs.eclipse.org/bugs/show_bug.cgi?id=563998	emo@eclipse.org	Vendor Advisory

Hyperlink: https://bugs.eclipse.org/bugs/show_bug.cgi?id=563998

Source: emo@eclipse.org

Resource:

Vendor Advisory