References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Change History

https://github.com/eclipse/omr/pull/7275

https://gitlab.eclipse.org/security/cve-assignement/-/issues/21

In Eclipse OpenJ9 release versions prior to 0.44.0 and after 0.13.0, when running with JVM option -Xgc:concurrentScavenge, the sequence generated for System.arrayCopy on the IBM Z platform with hardware and software support for guarded storage [1], could allow access to a buffer with an incorrect length value when executing an arraycopy sequence while the Concurrent Scavenge Garbage Collection cycle is active and the source and destination memory regions for arraycopy overlap. This allows read a

Eclipse Foundation AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L

Eclipse Foundation CWE-125

Eclipse Foundation CWE-787

Eclipse Foundation CWE-805

Eclipse Foundation https://github.com/eclipse/omr/pull/7275 [No types assigned]

Eclipse Foundation https://gitlab.eclipse.org/security/cve-assignement/-/issues/21 [No types assigned]