CVE-2024-10917

low

Description

In Eclipse OpenJ9 versions up to 0.47, the JNI function GetStringUTFLength may return an incorrect value which has wrapped around. From 0.48 the value is correct but may be truncated to include a smaller number of characters.

References

https://gitlab.eclipse.org/security/cve-assignement/-/issues/47

https://github.com/eclipse-openj9/openj9/releases/tag/openj9-0.48.0

https://github.com/eclipse-openj9/openj9/pull/20362

Details

Source: Mitre, NVD

Published: 2024-11-11

Updated: 2024-11-12

Risk Information

CVSS v2

Base Score: 2.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N

Severity: Low

CVSS v3

Base Score: 3.7

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N