CVE-2018-12548

CRITICAL

OpenJDK + Eclipse OpenJ9 <0.11.0 - Use After Free

Title source: llm

Description

In OpenJDK + Eclipse OpenJ9 version 0.11.0 builds, the public jdk.crypto.jniprovider.NativeCrypto class contains public static natives which accept pointer values that are dereferenced in the native code.

References (1)

[Issue Tracking, Vendor Advisory] https://bugs.eclipse.org/bugs/show_bug.cgi?id=543792

Scores

CVSS v3 9.8

EPSS 0.0042

EPSS Percentile 62.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-119 CWE-822

Status published

Products (1)

eclipse/openj9 0.11.0

Published Jan 31, 2019

Tracked Since Feb 18, 2026