CVE-2025-1470
MEDIUMEclipse OMR < 0.4.0 - NULL Pointer Dereference in z/OS atoe Function Handling
Title source: llmDescription
In Eclipse OMR, from the initial contribution to version 0.4.0, some OMR internal port library and utilities consumers of z/OS atoe functions do not check their return values for NULL memory pointers or for memory allocation failures. This can lead to NULL pointer dereference crashes. Beginning in version 0.5.0, internal OMR consumers of atoe functions handle NULL return values and memory allocation failures correctly.
References (3)
Core 3
Core References
Issue Tracking, Vendor Advisory
https://gitlab.eclipse.org/security/cve-assignement/-/issues/54
Scores
CVSS v3
5.5
EPSS
0.0009
EPSS Percentile
25.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-476
Status
published
Products (1)
eclipse/omr
< 0.4.0
Published
Feb 21, 2025
Tracked Since
Feb 18, 2026