VYPR
Unrated severityNVD Advisory· Published May 27, 2024· Updated Aug 1, 2024

Eclipse Open J9 With -Xgc:concurrentScavenge on IBM Z, could write/read outside of a buffer

CVE-2024-3933

Description

In Eclipse OpenJ9 release versions prior to 0.44.0 and after 0.13.0, when running with JVM option -Xgc:concurrentScavenge, the sequence generated for System.arrayCopy on the IBM Z platform with hardware and software support for guarded storage [1], could allow access to a buffer with an incorrect length value when executing an arraycopy sequence while the Concurrent Scavenge Garbage Collection cycle is active and the source and destination memory regions for arraycopy overlap. This allows read and write to addresses beyond the end of the array range.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

22

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.