CVE-2019-17639: Infoleak
First published: Wed Jul 15 2020(Updated: )
Eclipse OpenJ9 could allow a remote attacker to obtain sensitive information, caused by the premature return of the current method with an undefined return value. By invoking the System.arraycopy method with a length longer than the length of the source or destination array can, an attacker could exploit this vulnerability to obtain sensitive information.
Credit: emo@eclipse.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/java | <1.7.1-ibm-1:1.7.1.4.70-1jpp.1.el6_10 | 1.7.1-ibm-1:1.7.1.4.70-1jpp.1.el6_10 |
| redhat/java | <1.7.1-ibm-1:1.7.1.4.70-1jpp.1.el7 | 1.7.1-ibm-1:1.7.1.4.70-1jpp.1.el7 |
| redhat/java | <1.8.0-ibm-1:1.8.0.6.20-1jpp.1.el7 | 1.8.0-ibm-1:1.8.0.6.20-1jpp.1.el7 |
| redhat/java | <1.8.0-ibm-1:1.8.0.6.15-1.el8_2 | 1.8.0-ibm-1:1.8.0.6.15-1.el8_2 |
| Eclipse Openj9 | <=0.20.0 | |
| Eclipse Openj9 | =0.21.0 | |
| Eclipse Openj9 | =0.21.0-milestone1 | |
| Eclipse Openj9 | =0.21.0-milestone2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://exchange.xforce.ibmcloud.com/vulnerabilities/185437
- https://www.ibm.com/support/pages/node/6256562 (Advisory)
- https://bugs.eclipse.org/bugs/show_bug.cgi?id=563998
- https://developer.ibm.com/javasdk/support/security-vulnerabilities/#IBM_Security_Update_August_2020
- https://access.redhat.com/errata/RHSA-2020:3386
- https://access.redhat.com/errata/RHSA-2020:3388
- https://access.redhat.com/errata/RHSA-2020:3387
- https://access.redhat.com/security/cve/cve-2019-17639
- https://access.redhat.com/errata/RHSA-2020:5585
- https://bugzilla.redhat.com/show_bug.cgi?id=1866497
- https://www.cve.org/CVERecord?id=CVE-2019-17639 https://nvd.nist.gov/vuln/detail/CVE-2019-17639
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is CVE-2019-17639?
CVE-2019-17639 is a vulnerability in Eclipse OpenJ9 that could allow a remote attacker to obtain sensitive information.
What is the severity of CVE-2019-17639?
The severity of CVE-2019-17639 is medium, with a severity value of 5.3.
How does CVE-2019-17639 affect Eclipse OpenJ9?
CVE-2019-17639 affects Eclipse OpenJ9 prior to version 0.21 on Power platforms.
How can I fix CVE-2019-17639 in Eclipse OpenJ9?
To fix CVE-2019-17639 in Eclipse OpenJ9, you should update to version 0.21 or later.
Where can I find more information about CVE-2019-17639?
You can find more information about CVE-2019-17639 at the following links: [IBM X-Force Exchange](https://exchange.xforce.ibmcloud.com/vulnerabilities/185437), [IBM Support](https://www.ibm.com/support/pages/node/6256562), [CVE.org](https://www.cve.org/CVERecord?id=CVE-2019-17639), [NVD](https://nvd.nist.gov/vuln/detail/CVE-2019-17639).
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/ibm-support
- source/IBM
- collector/nvd-index
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2019-17639
- collector/redhat-cve
- vendor/eclipse
- canonical/eclipse openj9
- version/eclipse openj9/0.20.0
- version/eclipse openj9/0.21.0
- version/eclipse openj9/0.21.0-milestone1
- version/eclipse openj9/0.21.0-milestone2
- package-manager/redhat