CVE-2022-3676 - AskarLabs CVE Database

CVE-2022-3676

Vendor The Eclipse Foundation

Product Eclipse OpenJ9

Weakness CWE-20 · Input validation

Published October 24, 2022

Last update May 7, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

In Eclipse Openj9 before version 0.35.0, interface calls can be inlined without a runtime type check. Malicious bytecode could make use of this inlining to access or modify memory via an incompatible type.

Key dates

02Disclosure timeline

October 24, 2022 CVE published

May 7, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-3676 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/20.html

Related vulnerabilities

04Related CVE

CVE-2024-0126 CVE-2023-25927 IBM Security Verify Access denial of service CVE-2020-15233 OAuth2 Redirect URL validity does not respect query parameters and character casing for loopback addresses CVE-2024-6077 Rockwell Automation ControlLogix/GuardLogix 5580 and CompactLogix/Compact GuardLogix® 5380 Vulnerable to DoS vulnerability via CIP CVE-2023-34983