CVE-2024-10917

low-risk

Published 2024-11-11

In Eclipse OpenJ9 versions up to 0.47, the JNI function GetStringUTFLength may return an incorrect value which has wrapped around. From 0.48 the value is correct but may be truncated to include a smaller number of characters.

Do I need to act?

0.30% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 3.7/10 Low

NETWORK / HIGH complexity

Affected Products (1)

Openj9

Affected Vendors

Eclipse

References (3)

Issue Tracking https://github.com/eclipse-openj9/openj9/pull/20362

Release Notes https://github.com/eclipse-openj9/openj9/releases/tag/openj9-0.48.0

Issue Tracking https://gitlab.eclipse.org/security/cve-assignement/-/issues/47

/ 100

low-risk

Severity 13/34 · Low

Exploitability 1/34 · Minimal

Exposure 5/34 · Minimal