CVE-2019-17639
Summary
| CVE | CVE-2019-17639 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-07-15 22:15:00 UTC |
| Updated | 2020-08-12 14:04:00 UTC |
| Description | In Eclipse OpenJ9 prior to version 0.21 on Power platforms, calling the System.arraycopy method with a length longer than the length of the source or destination array can, in certain specially crafted code patterns, cause the current method to return prematurely with an undefined return value. This allows whatever value happens to be in the return register at that time to be used as if it matches the method's declared return type. |
Risk And Classification
Problem Types: CWE-843
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Eclipse | Openj9 | 0.21.0 | - | All | All |
| Application | Eclipse | Openj9 | 0.21.0 | milestone1 | All | All |
| Application | Eclipse | Openj9 | 0.21.0 | milestone2 | All | All |
| Application | Eclipse | Openj9 | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 563998 – (CVE-2019-17639) Undefined return value | CONFIRM | bugs.eclipse.org | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.