CVE-2024-10917— Eclipse OpenJ9 might return an incorrect value in JNI function GetStringUTFLength

CVSS 3.7 · Low EPSS 0.31% · P54 Updated Jan 25, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-10917

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Eclipse OpenJ9 might return an incorrect value in JNI function GetStringUTFLength

Source: NVD (National Vulnerability Database)

Vulnerability Description

In Eclipse OpenJ9 versions up to 0.47, the JNI function GetStringUTFLength may return an incorrect value which has wrapped around. From 0.48 the value is correct but may be truncated to include a smaller number of characters.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

整数溢出或超界折返

Source: NVD (National Vulnerability Database)

Vulnerability Title

Eclipse OpenJ9 输入验证错误漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Eclipse OpenJ9是Eclipse基金会的一款Java应用程序引擎。该产品主要用于运行Java应用程序。 Eclipse OpenJ9 0.47版本及之前版本存在输入验证错误漏洞，该漏洞源于JNI 函数 GetStringUTFLength 可能会返回不正确的值。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Eclipse Foundation	Open J9	0.8.0 ~ 0.47.0	-

II. Public POCs for CVE-2024-10917

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2024-10917

请登录查看更多情报信息。

Vendor Pages for CVE-2024-10917 (1)

Release Eclipse OpenJ9 v0.48.0 · eclipse-openj9/openj9 · GitHub

https://nvd.nist.gov/vuln/detail/CVE-2024-10917

IV. Related Vulnerabilities

Same product: Open J9

CVE-2024-3933
Eclipse Open J9 With -Xgc:concurrentScavenge on IBM Z, could

Same vendor: Eclipse Foundation

Same weakness: CWE-190

V. Comments for CVE-2024-10917

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2024-10917— Eclipse OpenJ9 might return an incorrect value in JNI function GetStringUTFLength

I. Basic Information for CVE-2024-10917

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2024-10917

III. Intelligence Information for CVE-2024-10917

Vendor Pages for CVE-2024-10917 (1)

IV. Related Vulnerabilities

V. Comments for CVE-2024-10917

Leave a comment