VDB
CVE-2019-10245
CVE-2019-10245
PUBLISHED
CVSS 7.5 HIGH
In Eclipse OpenJ9 prior to the 0.14.0 release, the Java bytecode verifier incorrectly allows a method to execute past the end of bytecode array causing crashes. Eclipse OpenJ9 v0.14.0 correctly detects this case and rejects the attempted class load.
EPSS 1.53% · 81.7th percentile
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
1.53%
81.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| redhat | enterprise_linux_desktop | 7.0, 6.0 |
| redhat | enterprise_linux_server | 7.0, 6.0 |
| The Eclipse Foundation | Eclipse OpenJ9 | * |
| redhat | enterprise_linux_workstation | 7.0, 6.0 |
| redhat | enterprise_linux | 8.0 |
| eclipse | openj9 | 0 |
| redhat | satellite | 5.8 |
Exploit Intelligence
- https://bugs.eclipse.org/bugs/show_bug.cgi?id=545588 (circl)
- 108094 (circl)
- RHSA-2019:1164 (circl)
- RHSA-2019:1163 (circl)
- RHSA-2019:1165 (circl)
- RHSA-2019:1166 (circl)
- RHSA-2019:1238 (circl)
- RHSA-2019:1325 (circl)
Timeline
- Apr 19, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
References
- https://bugs.eclipse.org/bugs/show_bug.cgi?id=545588 url
- 108094 vdb
- RHSA-2019:1164 vendor-advisory
- RHSA-2019:1163 vendor-advisory
- RHSA-2019:1165 vendor-advisory
- RHSA-2019:1166 vendor-advisory
- RHSA-2019:1238 vendor-advisory
- RHSA-2019:1325 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2019-10245 advisory