What the vulnerability does

01Description

In OpenJDK + Eclipse OpenJ9 version 0.11.0 builds, the public jdk.crypto.jniprovider.NativeCrypto class contains public static natives which accept pointer values that are dereferenced in the native code.

Key dates

02Disclosure timeline

January 31, 2019 CVE published
August 5, 2024 Record updated