CVE-2018-12547
Description
In Eclipse OpenJ9, prior to the 0.12.0 release, the jio_snprintf() and jio_vsnprintf() native methods ignored the length parameter. This affects existing APIs that called the functions to exceed the allocated buffer. This functions were not directly callable by non-native user code.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.782
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities are affected in IBM Security Guardium 9.5 | Windows |
| Multiple Vulnerabilities are affected in IBM Security Guardium 10.6 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Controller 10.3.0 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Controller 10.3.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Controller 10.4.0 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Controller 10.4.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.0 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Planning Analytics Local 2.0 | Windows |
| (RHSA-2019:0472) java-1.8.0-ibm security update java-1.8.0-ibm-1.8.0.5.30-1jpp.1.el7.x86_64.rpm | Linux |
| (RHSA-2019:0472) java-1.8.0-ibm security update java-1.8.0-ibm-demo-1.8.0.5.30-1jpp.1.el7.x86_64.rpm | Linux |
| (RHSA-2019:0472) java-1.8.0-ibm security update java-1.8.0-ibm-devel-1.8.0.5.30-1jpp.1.el7.x86_64.rpm | Linux |
| (RHSA-2019:0472) java-1.8.0-ibm security update java-1.8.0-ibm-jdbc-1.8.0.5.30-1jpp.1.el7.x86_64.rpm | Linux |
| (RHSA-2019:0472) java-1.8.0-ibm security update java-1.8.0-ibm-plugin-1.8.0.5.30-1jpp.1.el7.x86_64.rpm | Linux |
| (RHSA-2019:0472) java-1.8.0-ibm security update java-1.8.0-ibm-src-1.8.0.5.30-1jpp.1.el7.x86_64.rpm | Linux |
| (RHSA-2019:0473) java-1.7.1-ibm security update java-1.7.1-ibm-1.7.1.4.40-1jpp.1.el7.x86_64.rpm | Linux |
| (RHSA-2019:0473) java-1.7.1-ibm security update java-1.7.1-ibm-demo-1.7.1.4.40-1jpp.1.el7.x86_64.rpm | Linux |
| (RHSA-2019:0473) java-1.7.1-ibm security update java-1.7.1-ibm-devel-1.7.1.4.40-1jpp.1.el7.x86_64.rpm | Linux |
| (RHSA-2019:0473) java-1.7.1-ibm security update java-1.7.1-ibm-jdbc-1.7.1.4.40-1jpp.1.el7.x86_64.rpm | Linux |
| (RHSA-2019:0473) java-1.7.1-ibm security update java-1.7.1-ibm-plugin-1.7.1.4.40-1jpp.1.el7.x86_64.rpm | Linux |
| (RHSA-2019:0473) java-1.7.1-ibm security update java-1.7.1-ibm-src-1.7.1.4.40-1jpp.1.el7.x86_64.rpm | Linux |
| (RHSA-2019:1238) java-1.8.0-ibm security update java-1.8.0-ibm-1.8.0.5.35-3.el8_0.x86_64.rpm | Linux |
| (RHSA-2019:1238) java-1.8.0-ibm security update java-1.8.0-ibm-demo-1.8.0.5.35-3.el8_0.x86_64.rpm | Linux |
| (RHSA-2019:1238) java-1.8.0-ibm security update java-1.8.0-ibm-devel-1.8.0.5.35-3.el8_0.x86_64.rpm | Linux |
| (RHSA-2019:1238) java-1.8.0-ibm security update java-1.8.0-ibm-headless-1.8.0.5.35-3.el8_0.x86_64.rpm | Linux |
| (RHSA-2019:1238) java-1.8.0-ibm security update java-1.8.0-ibm-jdbc-1.8.0.5.35-3.el8_0.x86_64.rpm | Linux |
| (RHSA-2019:1238) java-1.8.0-ibm security update java-1.8.0-ibm-plugin-1.8.0.5.35-3.el8_0.x86_64.rpm | Linux |
| (RHSA-2019:1238) java-1.8.0-ibm security update java-1.8.0-ibm-src-1.8.0.5.35-3.el8_0.x86_64.rpm | Linux |
| (RHSA-2019:1238) java-1.8.0-ibm security update java-1.8.0-ibm-webstart-1.8.0.5.35-3.el8_0.x86_64.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234