CVE-2024-3933

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-3933

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-3933.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-3933

Related

SUSE-SU-2024:4252-1

Published

2024-05-27T06:15:09Z

Modified

2025-01-14T19:46:51Z

Severity

7.3 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L CVSS Calculator

Summary

[none]

Details

In Eclipse OpenJ9 release versions prior to 0.44.0 and after 0.13.0, when running with JVM option -Xgc:concurrentScavenge, the sequence generated for System.arrayCopy on the IBM Z platform with hardware and software support for guarded storage [1], could allow access to a buffer with an incorrect length value when executing an arraycopy sequence while the Concurrent Scavenge Garbage Collection cycle is active and the source and destination memory regions for arraycopy overlap. This allows read and write to addresses beyond the end of the array range.

References

Affected packages

Git / github.com/eclipse/openj9

Affected ranges

Type: GIT
Repo: https://github.com/eclipse/openj9
Events: Introduced

caeb51f87afa3e070cdc32df61f3331ce002f4ce

Fixed

b0699311c7d9341f3d0ebf9a7a4b5546a7ca7004