CVE-2026-1188

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2026-1188
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-1188.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-1188
Downstream
Related
Published
2026-01-29T09:16:03.560Z
Modified
2026-05-30T23:29:22.138035094Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

In the Eclipse OMR port library component since release 0.2.0, an API function to return the textual names of all supported processor features was not accounting for the separator inserted between processor features. If the output buffer supplied to this function was incorrectly sized, failing to account for the separator when determining when a write to the buffer was safe could lead to a buffer overflow. This issue is fixed in Eclipse OMR version 0.8.0.

References

Affected packages

Git / github.com/eclipse-omr/omr

Affected ranges

Type
GIT
Repo
https://github.com/eclipse-omr/omr
Events
Introduced
b5ef5eda4680b6b5cf0c2f954362f9f47353ce04
Fixed
93f56356c8ef09ca59e314044c2447c6f4156df6
Database specific 
{
    "versions": [
        {
            "introduced": "0.2"
        },
        {
            "fixed": "0.8.0"
        }
    ]
}

Affected versions

omr-0.*
omr-0.2.0
omr-0.3.0
omr-0.4.0
omr-0.5.0
omr-0.6.0
omr-0.7.0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-1188.json"