CVE-2024-10917

EUVD-2024-33347
In Eclipse OpenJ9 versions up to 0.47, the JNI function GetStringUTFLength may return an incorrect value which has wrapped around. From 0.48 the value is correct but may be truncated to include a smaller number of characters.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.7 LOW
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
eclipseCNA
3.7 LOW
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 53%
Affected Products (NVD)
VendorProductVersion
eclipseopenj9
0.8.0 ≤
𝑥
< 0.48.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/eclipse-openj9/openj9/pull/20362
https://github.com/eclipse-openj9/openj9/releases/tag/openj9-0.48.0
https://gitlab.eclipse.org/security/cve-assignement/-/issues/47