In Eclipse OpenJ9, prior to the 0.12.0 release, the jio_snprintf() and jio_vsnprintf() native methods ignored the length parameter. As a result, existing APIs that called these functions could write beyond the allocated buffer. These functions were not directly callable by non-native user code. A second candidate, CVE-2018-1890, has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVEID: CVE-2018-12547
DESCRIPTION: In Eclipse OpenJ9, prior to the 0.12.0 release, the jio_snprintf() and jio_vsnprintf() native methods ignored the length parameter. This affects existing APIs that called the functions to exceed the allocated buffer. These functions were not directly callable by non-native user code.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/157512 for the current score
CVSS Environmental Score*: Undefined
CVSS Attack Vector: Network
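An added illustration of the flaw class described for CVE-2018-12547, not OpenJ9's own code: a hypothetical formatter wrapper that ignores its length argument, beside a bounded one. The function names, the 8-byte slot and the sample input are assumptions; the 64-byte arena keeps the stray write inside real storage so the spill can be counted safely.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define ARENA 64  /* real allocation; the demo never writes outside it */
#define SLOT   8  /* size the caller declares to the formatter */

/* Hypothetical wrapper with the described flaw: n is accepted but never used. */
static int fmt_ignores_len(char *dst, size_t n, const char *fmt, ...) {
    va_list ap;
    int r;
    (void)n;
    va_start(ap, fmt);
    r = vsprintf(dst, fmt, ap);       /* unbounded write */
    va_end(ap);
    return r;
}

/* Bounded wrapper: writes at most n bytes, always terminates, -1 on truncation. */
static int fmt_bounded(char *dst, size_t n, const char *fmt, ...) {
    va_list ap;
    int r;
    if (dst == NULL || n == 0) return -1;
    va_start(ap, fmt);
    r = vsnprintf(dst, n, fmt, ap);
    va_end(ap);
    if (r < 0 || (size_t)r >= n) { dst[n - 1] = '\0'; return -1; }
    return r;
}

/* Count bytes beyond the declared slot that the formatter modified. */
static size_t bytes_past_slot(int use_bounded) {
    char arena[ARENA];
    size_t i, spilled = 0;
    const char *input = "constructed-sample-input";  /* constructed, 24 chars */
    memset(arena, 0xAA, sizeof arena);               /* sentinel fill */
    if (use_bounded) fmt_bounded(arena, SLOT, "%s", input);
    else             fmt_ignores_len(arena, SLOT, "%s", input);
    for (i = SLOT; i < ARENA; i++)
        if ((unsigned char)arena[i] != 0xAA) spilled++;
    return spilled;
}

int main(void) {
    printf("length ignored: %zu bytes past slot\n", bytes_past_slot(0));
    printf("length honored: %zu bytes past slot\n", bytes_past_slot(1));
    return 0;
}
```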
CVEID: CVE-2018-1890
DESCRIPTION: This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVSS Base Score: 5.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2018-1890 for the current score
CVSS Environmental Score*: Undefined
CVSS Attack Vector: Undefined
IBM and Eclipse Foundation OpenJ9 0.8
IBM SDK, Java Technology Edition 6.0, 7.0, 8.0
You must replace the IBM® Runtime Environment, Java™ Technology Edition that is installed with IBM InfoSphere Optim Performance Manager for DB2 on Linux, UNIX, and Windows with the latest IBM® Runtime Environment, Java™ Technology Edition. Detailed instructions are provided in the tech-note: “Updating the IBM Runtime Environment, Java™ Technology Edition for InfoSphere Optim Performance Manager”
N/A