CVE-2019-17639 - In Eclipse OpenJ9 prior to version 0.21 on Power platforms, calling the System.arraycopy method with

CVE-2019-17639

Summary

In Eclipse OpenJ9 prior to version 0.21 on Power platforms, calling the System.arraycopy method with a length longer than the length of the source or destination array can, in certain specially crafted code patterns, cause the current method to return prematurely with an undefined return value. This allows whatever value happens to be in the return register at that time to be used as if it matches the method's declared return type.

References

https://bugs.eclipse.org/bugs/show_bug.cgi?id=563998

Vulnerable Configurations

cpe:2.3:a:eclipse:openj9:0.0:-:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.0:-:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.0:milestone1:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.0:milestone1:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.8:*:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.8:*:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.8.0:-:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.8.0:-:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.8.0:rc1:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.8.0:rc1:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.8.0:rc2:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.8.0:rc2:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.9.0:*:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.9.0:*:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.9.0:-:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.9.0:-:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.9.0:rc1:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.9.0:rc1:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.9.0:rc2:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.9.0:rc2:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.10.0:*:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.10.0:*:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.10.0:-:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.10.0:-:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.10.0:rc1:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.10.0:rc1:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.10.0:rc2:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.10.0:rc2:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.11.0:*:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.11.0:*:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.11.0:-:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.11.0:-:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.11.0:rc1:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.11.0:rc1:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.11.0:rc2:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.11.0:rc2:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.12.0:*:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.12.0:*:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.12.0:-:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.12.0:-:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.12.0:milestone1:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.12.0:milestone1:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.12.0:milestone2:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.12.0:milestone2:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.12.0:rc1:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.12.0:rc1:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.12.0:rc2:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.12.0:rc2:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.12.1:*:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.12.1:*:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.13.0:-:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.13.0:-:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.13.0:milestone1:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.13.0:milestone1:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.13.0:rc1:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.13.0:rc1:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.14.0:-:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.14.0:-:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.14.0:milestone1:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.14.0:milestone1:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.14.0:rc1:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.14.0:rc1:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.14.1:*:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.14.1:*:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.14.2:*:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.14.2:*:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.14.3:*:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.14.3:*:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.15.0:*:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.15.0:*:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.15.0:-:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.15.0:-:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.15.0:milestone1:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.15.0:milestone1:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.15.1:*:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.15.1:*:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.16.0:-:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.16.0:-:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.16.0:milestone1:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.16.0:milestone1:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.16.0:milestone2:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.16.0:milestone2:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.17.0:-:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.17.0:-:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.17.0:milestone1:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.17.0:milestone1:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.17.0:milestone2:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.17.0:milestone2:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.18.0:-:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.18.0:-:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.18.0:milestone1:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.18.0:milestone1:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.18.0:milestone2:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.18.0:milestone2:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.18.1:*:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.18.1:*:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.19.0:-:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.19.0:-:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.19.0:milestone1:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.19.0:milestone1:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.19.0:milestone2:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.19.0:milestone2:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.20.0:-:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.20.0:-:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.20.0:milestone1:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.20.0:milestone1:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.20.0:milestone2:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.20.0:milestone2:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.21.0:-:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.21.0:-:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.21.0:milestone1:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.21.0:milestone1:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.21.0:milestone2:*:*:*:*:*:*
cpe:2.3:a:eclipse:openj9:0.21.0:milestone2:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 12-08-2020 - 14:04)
Impact:
Exploitability:

CWE

CWE-843

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

redhat via4

rpms

java-1.8.0-ibm-1:1.8.0.6.15-1.el8_2
java-1.8.0-ibm-demo-1:1.8.0.6.15-1.el8_2
java-1.8.0-ibm-devel-1:1.8.0.6.15-1.el8_2
java-1.8.0-ibm-headless-1:1.8.0.6.15-1.el8_2
java-1.8.0-ibm-jdbc-1:1.8.0.6.15-1.el8_2
java-1.8.0-ibm-plugin-1:1.8.0.6.15-1.el8_2
java-1.8.0-ibm-src-1:1.8.0.6.15-1.el8_2
java-1.8.0-ibm-webstart-1:1.8.0.6.15-1.el8_2
java-1.7.1-ibm-1:1.7.1.4.70-1jpp.1.el6_10
java-1.7.1-ibm-demo-1:1.7.1.4.70-1jpp.1.el6_10
java-1.7.1-ibm-devel-1:1.7.1.4.70-1jpp.1.el6_10
java-1.7.1-ibm-jdbc-1:1.7.1.4.70-1jpp.1.el6_10
java-1.7.1-ibm-plugin-1:1.7.1.4.70-1jpp.1.el6_10
java-1.7.1-ibm-src-1:1.7.1.4.70-1jpp.1.el6_10
java-1.7.1-ibm-1:1.7.1.4.70-1jpp.1.el7
java-1.7.1-ibm-demo-1:1.7.1.4.70-1jpp.1.el7
java-1.7.1-ibm-devel-1:1.7.1.4.70-1jpp.1.el7
java-1.7.1-ibm-jdbc-1:1.7.1.4.70-1jpp.1.el7
java-1.7.1-ibm-plugin-1:1.7.1.4.70-1jpp.1.el7
java-1.7.1-ibm-src-1:1.7.1.4.70-1jpp.1.el7
java-1.8.0-ibm-1:1.8.0.6.20-1jpp.1.el7
java-1.8.0-ibm-demo-1:1.8.0.6.20-1jpp.1.el7
java-1.8.0-ibm-devel-1:1.8.0.6.20-1jpp.1.el7
java-1.8.0-ibm-jdbc-1:1.8.0.6.20-1jpp.1.el7
java-1.8.0-ibm-plugin-1:1.8.0.6.20-1jpp.1.el7
java-1.8.0-ibm-src-1:1.8.0.6.20-1jpp.1.el7

refmap via4

confirm

https://bugs.eclipse.org/bugs/show_bug.cgi?id=563998

Last major update

12-08-2020 - 14:04

Published

15-07-2020 - 22:15

Last modified

12-08-2020 - 14:04