Main Vulnerability Database Vulnerabilities #VU76906

#VU76906 Out-of-bounds read in OpenJ9 - CVE-2023-2597

Published: June 5, 2023

Vulnerability identifier: #VU76906

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2023-2597

CWE-ID: CWE-125

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
OpenJ9

Software vendor:
Eclipse

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to in the implementation of the shared cache (which is enabled by default in OpenJ9 builds) the size of a string is not properly checked against the size of the buffer. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.

Remediation

Install updates from vendor's website.

External links

https://github.com/eclipse-openj9/openj9/pull/17259