CVE-2019-17639 — MEDIUM (5.3)

Q: How severe is CVE-2019-17639?

CVE-2019-17639 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-17639?

Check the references section above for vendor advisories and patch information. Affected products include: Eclipse Openj9.

Vulnerability Description

In Eclipse OpenJ9 prior to version 0.21 on Power platforms, calling the System.arraycopy method with a length longer than the length of the source or destination array can, in certain specially crafted code patterns, cause the current method to return prematurely with an undefined return value. This allows whatever value happens to be in the return register at that time to be used as if it matches the method's declared return type.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Eclipse	Openj9	<= 0.20.0

Related Weaknesses (CWE)

CWE-843

References

https://bugs.eclipse.org/bugs/show_bug.cgi?id=563998Vendor Advisory
https://bugs.eclipse.org/bugs/show_bug.cgi?id=563998Vendor Advisory

FAQ

What is CVE-2019-17639?

CVE-2019-17639 is a vulnerability with a CVSS score of 5.3 (MEDIUM). In Eclipse OpenJ9 prior to version 0.21 on Power platforms, calling the System.arraycopy method with a length longer than the length of the source or destination array can, in certain specially crafte...

How severe is CVE-2019-17639?

CVE-2019-17639 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-17639?

Check the references section above for vendor advisories and patch information. Affected products include: Eclipse Openj9.