CVE-2019-10245 — Vulnetix

Try Vulnetix Request Demo

CVE-2019-10245 PUBLISHED CVSS 7.5 HIGH

In Eclipse OpenJ9 prior to the 0.14.0 release, the Java bytecode verifier incorrectly allows a method to execute past the end of bytecode array causing crashes. Eclipse OpenJ9 v0.14.0 correctly detects this case and rejects the attempted class load.

EPSS 1.53% · 81.2th percentile

Risk Scores

CVSS v3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score

1.53%

81.2th percentile

Affected Products

Vendor	Product	Versions
redhat	enterprise_linux_desktop	6.0, 7.0
redhat	enterprise_linux_server	7.0, 6.0
The Eclipse Foundation	Eclipse OpenJ9	unspecified
redhat	enterprise_linux_workstation	6.0, 7.0
redhat	enterprise_linux	8.0
eclipse	openj9	0
redhat	satellite	5.8

Timeline

Apr 19, 2019 CVE Published
Apr 14, 2021 EPSS Score
Jun 22, 2021 EPSS Score
Oct 24, 2021 EPSS Score
Dec 25, 2021 EPSS Score
Feb 4, 2022 EPSS Score
Feb 25, 2022 EPSS Score
Apr 1, 2022 EPSS Score
Jun 29, 2022 EPSS Score
Aug 31, 2022 EPSS Score
Nov 1, 2022 EPSS Score
Mar 5, 2023 EPSS Score

References

https://bugs.eclipse.org/bugs/show_bug.cgi?id=545588 url
108094 vdb
RHSA-2019:1164 vendor-advisory
RHSA-2019:1163 vendor-advisory
RHSA-2019:1165 vendor-advisory
RHSA-2019:1166 vendor-advisory
RHSA-2019:1238 vendor-advisory
RHSA-2019:1325 vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2019-10245 advisory

Open in Interactive Console →