CVE-2018-12548: Buffer Overflow
First published: Thu Jan 31 2019(Updated: )
In OpenJDK + Eclipse OpenJ9 version 0.11.0 builds, the public jdk.crypto.jniprovider.NativeCrypto class contains public static natives which accept pointer values that are dereferenced in the native code.
Credit: emo@eclipse.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Eclipse Openj9 | =0.11.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-12548?
CVE-2018-12548 is a vulnerability in OpenJDK + Eclipse OpenJ9 version 0.11.0 that allows the execution of arbitrary code.
What is the severity of CVE-2018-12548?
CVE-2018-12548 has a severity rating of 9.8 (Critical).
How does CVE-2018-12548 affect OpenJDK and Eclipse OpenJ9?
CVE-2018-12548 affects OpenJDK + Eclipse OpenJ9 version 0.11.0 builds, where the public jdk.crypto.jniprovider.NativeCrypto class contains public static natives that accept pointer values dereferenced in the native code.
How can I fix CVE-2018-12548?
To fix CVE-2018-12548, it is recommended to upgrade to a version of OpenJDK + Eclipse OpenJ9 that is not affected by this vulnerability.
Where can I find more information about CVE-2018-12548?
You can find more information about CVE-2018-12548 at this link: https://bugs.eclipse.org/bugs/show_bug.cgi?id=543792
- collector/nvd-index
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/severity
- agent/tags
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/event
- vendor/eclipse
- canonical/eclipse openj9
- version/eclipse openj9/0.11.0