Vulnerabilities > Eclipse > Openj9 > 0.18.1

DATE CVE VULNERABILITY TITLE RISK
2023-11-15 CVE-2023-5676 Race Condition vulnerability in Eclipse Openj9
In Eclipse OpenJ9 before version 0.41.0, the JVM can be forced into an infinite busy hang on a spinlock or a segmentation fault if a shutdown signal (SIGTERM, SIGINT or SIGHUP) is received before the JVM has finished initializing.
network
high complexity
eclipse CWE-362
5.9
2023-05-22 CVE-2023-2597 Out-of-bounds Read vulnerability in Eclipse Openj9
In Eclipse Openj9 before version 0.38.0, in the implementation of the shared cache (which is enabled by default in OpenJ9 builds) the size of a string is not properly checked against the size of the buffer.
network
low complexity
eclipse CWE-125
critical
9.1
2022-10-24 CVE-2022-3676 Type Confusion vulnerability in Eclipse Openj9
In Eclipse Openj9 before version 0.35.0, interface calls can be inlined without a runtime type check.
network
low complexity
eclipse CWE-843
6.5
2022-04-27 CVE-2021-41041 Unchecked Return Value vulnerability in multiple products
In Eclipse Openj9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during bytecode verification when verification is triggered by a MethodHandle invocation, allowing unverified methods to be invoked using MethodHandles.
network
low complexity
eclipse oracle CWE-252
5.0
2021-10-25 CVE-2021-41035 Unspecified vulnerability in Eclipse Openj9
In Eclipse Openj9 before version 0.29.0, the JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods.
network
low complexity
eclipse
7.5
2021-04-21 CVE-2021-28167 Missing Initialization of Resource vulnerability in Eclipse Openj9
In Eclipse Openj9 to version 0.25.0, usage of the jdk.internal.reflect.ConstantPool API causes the JVM in some cases to pre-resolve certain constant pool entries.
network
low complexity
eclipse CWE-909
6.4
2021-01-21 CVE-2020-27221 Out-of-bounds Write vulnerability in Eclipse Openj9
In Eclipse OpenJ9 up to and including version 0.23, there is potential for a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding.
network
low complexity
eclipse CWE-787
7.5
2020-07-15 CVE-2019-17639 Type Confusion vulnerability in Eclipse Openj9
In Eclipse OpenJ9 prior to version 0.21 on Power platforms, calling the System.arraycopy method with a length longer than the length of the source or destination array can, in certain specially crafted code patterns, cause the current method to return prematurely with an undefined return value.
network
low complexity
eclipse CWE-843
5.0