Java Bytecode Verifier Allows Execution Past End of Bytecode Array in Eclipse OpenJ9

CVE-2019-10245 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

In Eclipse OpenJ9 prior to the 0.14.0 release, the Java bytecode verifier incorrectly allows a method to execute past the end of the bytecode array, causing crashes. Eclipse OpenJ9 v0.14.0 correctly detects this case and rejects the attempted class load.
