A method that falls off the end is incorrectly verified and causes crashes. Simple method:

```
public static void foo();
  descriptor: ()V
  flags: ACC_PUBLIC, ACC_STATIC
  Code:
    stack=1, locals=2, args_size=0
       0: nop
```
project: Eclipse OpenJ9
version: [All versions before 0.14.0]
cwe: CWE-20: Improper Input Validation
summary: In Eclipse OpenJ9 prior to the 0.14.0 release, the Java bytecode verifier incorrectly allows a method to execute past the end of bytecode array causing crashes. Eclipse OpenJ9 v0.14.0 correctly detects this case and rejects the attempted class load.
Fixed in version 0.14.0 and master:
https://github.com/eclipse/openj9/pull/5528
https://github.com/eclipse/openj9/pull/5529
I've assigned CVE-2019-10245 https://github.com/CVEProject/cvelist/pull/1923
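
The class of check this report is about, as an added example that is not OpenJ9's verifier code and not part of the original thread: a conservative structural pass that rejects a code array whose final instruction can continue to the next one. The function names, result codes and the small opcode subset are assumptions of the example; branch targets and data flow are not checked.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum check_result { CODE_OK, CODE_FALLS_OFF_END, CODE_TRUNCATED, CODE_UNKNOWN_OPCODE, CODE_EMPTY };

/* Operand byte count for a small subset of JVM opcodes; -1 means not modelled here. */
static int operand_len(uint8_t op) {
    switch (op) {
    case 0x00: case 0x03: case 0x57:             /* nop, iconst_0, pop */
    case 0xac: case 0xad: case 0xae: case 0xaf:  /* ireturn, lreturn, freturn, dreturn */
    case 0xb0: case 0xb1: case 0xbf:             /* areturn, return, athrow */
        return 0;
    case 0x10:                                   /* bipush */
        return 1;
    case 0x11: case 0x99: case 0xa7:             /* sipush, ifeq, goto */
        return 2;
    default:
        return -1;
    }
}

/* goto, the return family and athrow never continue to the next instruction. */
static int never_falls_through(uint8_t op) {
    return op == 0xa7 || (op >= 0xac && op <= 0xb1) || op == 0xbf;
}

/* Conservative check: walk instruction boundaries and require the final one to be terminal. */
enum check_result check_code_end(const uint8_t *code, size_t len) {
    size_t pc = 0;
    uint8_t last = 0;
    if (len == 0) return CODE_EMPTY;
    while (pc < len) {
        int n = operand_len(code[pc]);
        if (n < 0) return CODE_UNKNOWN_OPCODE;
        if ((size_t)n > len - pc - 1) return CODE_TRUNCATED;  /* operands run past the array */
        last = code[pc];
        pc += 1 + (size_t)n;
    }
    return never_falls_through(last) ? CODE_OK : CODE_FALLS_OFF_END;
}

/* Constructed inputs: foo() from the report (a lone nop) and the same body ending in return. */
static const uint8_t FOO_FROM_REPORT[] = { 0x00 };
static const uint8_t FOO_WITH_RETURN[] = { 0x00, 0xb1 };

int main(void) {
    printf("report: %d, with return: %d\n",
           (int)check_code_end(FOO_FROM_REPORT, sizeof FOO_FROM_REPORT),
           (int)check_code_end(FOO_WITH_RETURN, sizeof FOO_WITH_RETURN));
    return 0;
}
```

A conditional branch such as `ifeq` as the last instruction is also reported as falling off the end, since its not-taken path continues past the array.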