CVE-2018-12547

Summary

In Eclipse OpenJ9, prior to the 0.12.0 release, the jio_snprintf() and jio_vsnprintf() native methods ignored the length parameter. This affects existing APIs that called the functions to exceed the allocated buffer. This functions were not directly callable by non-native user code.

Affected Software

VendorProductVersion RangeStatus
The Eclipse FoundationEclipse OpenJ9unspecified < 0.12.0affected

Weaknesses

  • CWE-20: CWE-20: Improper Input Validation

ADP Enrichment

CVE Program Container

Additional References

References