CVE-2024-10917 LOW

CVE-2024-10917: Eclipse OpenJ9 might return an incorrect value in JNI function GetStringUTFLength

Vendor: Eclipse Foundation
Product: Open J9
Weakness: CWE-190
Published: November 11, 2024
Last update: November 12, 2024

CVSS base score

3.7/10
Attack vector: Network
Attack complexity: High
Privileges required: None
User interaction: None
Confidentiality: None
Integrity: Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01 Description

In Eclipse OpenJ9 versions up to 0.47, the JNI function GetStringUTFLength may return an incorrect value which has wrapped around. From 0.48 the value is correct but may be truncated to include a smaller number of characters.

Key dates

02 Disclosure timeline

November 11, 2024: CVE published
November 12, 2024: Record updated