CVE-2025-1470 MEDIUM

CVE-2025-1470: Eclipse OMR: Null pointer dereference vulnerability

Vendor Eclipse Foundation
Product Eclipse OMR
Weakness CWE-476
Published February 21, 2025
Last update February 21, 2025

CVSS base score

5.1/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

In Eclipse OMR, from the initial contribution to version 0.4.0, some OMR internal port library and utilities consumers of z/OS atoe functions do not check their return values for NULL memory pointers or for memory allocation failures. This can lead to NULL pointer dereference crashes. Beginning in version 0.5.0, internal OMR consumers of atoe functions handle NULL return values and memory allocation failures correctly.

Key dates

02 Disclosure timeline

February 21, 2025 CVE published
February 21, 2025 Record updated