CVE-2018-12549
11.02.2019, 15:29
In Eclipse OpenJ9 version 0.11.0, the OpenJ9 JIT compiler may incorrectly omit a null check on the receiver object of an Unsafe call when accelerating it.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| eclipse | openj9 | 0.11.0 |
| redhat | satellite | 5.8 |
| redhat | enterprise_linux_desktop | 6.0 |
| redhat | enterprise_linux_desktop | 7.0 |
| redhat | enterprise_linux_server | 6.0 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_workstation | 6.0 |
| redhat | enterprise_linux_workstation | 7.0 |
𝑥
= Vulnerable software versions
Red Hat Enterprise Linux Releases
Red Hat Product | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| java-1.8.0-ibm |
| ||||||||
| java-1.8.0-ibm-demo |
| ||||||||
| java-1.8.0-ibm-devel |
| ||||||||
| java-1.8.0-ibm-headless |
| ||||||||
| java-1.8.0-ibm-jdbc |
| ||||||||
| java-1.8.0-ibm-plugin |
| ||||||||
| java-1.8.0-ibm-src |
| ||||||||
| java-1.8.0-ibm-webstart |
|
Common Weakness Enumeration
- CWE-111 - Direct Use of Unsafe JNIWhen a Java application uses the Java Native Interface (JNI) to call code written in another programming language, it can expose the application to weaknesses in that code, even if those weaknesses cannot occur in Java.
- CWE-20 - Improper Input ValidationThe product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
References