Vulnerability Details CVE-2022-3676
In Eclipse Openj9 before version 0.35.0, interface calls can be inlined without a runtime type check. Malicious bytecode could make use of this inlining to access or modify memory via an incompatible type.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 48.5%
CVSS Severity
CVSS v3 Score 6.5
References
- https://github.com/eclipse-openj9/openj9/pull/16122
- https://github.com/eclipse/omr/pull/6773
- https://gitlab.eclipse.org/eclipsefdn/emo-team/emo/-/issues/389
- https://github.com/eclipse-openj9/openj9/pull/16122
- https://github.com/eclipse/omr/pull/6773
- https://gitlab.eclipse.org/eclipsefdn/emo-team/emo/-/issues/389
Products affected by CVE-2022-3676
-
cpe:2.3:a:eclipse:openj9:0.0
-
cpe:2.3:a:eclipse:openj9:0.10.0
-
cpe:2.3:a:eclipse:openj9:0.11.0
-
cpe:2.3:a:eclipse:openj9:0.12.0
-
cpe:2.3:a:eclipse:openj9:0.12.1
-
cpe:2.3:a:eclipse:openj9:0.13.0
-
cpe:2.3:a:eclipse:openj9:0.14.0
-
cpe:2.3:a:eclipse:openj9:0.14.1
-
cpe:2.3:a:eclipse:openj9:0.14.2
-
cpe:2.3:a:eclipse:openj9:0.14.3
-
cpe:2.3:a:eclipse:openj9:0.15.0
-
cpe:2.3:a:eclipse:openj9:0.15.1
-
cpe:2.3:a:eclipse:openj9:0.16.0
-
cpe:2.3:a:eclipse:openj9:0.17.0
-
cpe:2.3:a:eclipse:openj9:0.18.0
-
cpe:2.3:a:eclipse:openj9:0.18.1
-
cpe:2.3:a:eclipse:openj9:0.19.0
-
cpe:2.3:a:eclipse:openj9:0.20.0
-
cpe:2.3:a:eclipse:openj9:0.21.0
-
cpe:2.3:a:eclipse:openj9:0.22.0
-
cpe:2.3:a:eclipse:openj9:0.23.0
-
cpe:2.3:a:eclipse:openj9:0.24.0
-
cpe:2.3:a:eclipse:openj9:0.25.0
-
cpe:2.3:a:eclipse:openj9:0.26.0
-
cpe:2.3:a:eclipse:openj9:0.27.0
-
cpe:2.3:a:eclipse:openj9:0.27.1
-
cpe:2.3:a:eclipse:openj9:0.28.0
-
cpe:2.3:a:eclipse:openj9:0.29.0
-
cpe:2.3:a:eclipse:openj9:0.29.1
-
cpe:2.3:a:eclipse:openj9:0.30.0
-
cpe:2.3:a:eclipse:openj9:0.30.1
-
cpe:2.3:a:eclipse:openj9:0.31.0
-
cpe:2.3:a:eclipse:openj9:0.32.0
-
cpe:2.3:a:eclipse:openj9:0.33.0
-
cpe:2.3:a:eclipse:openj9:0.33.1
-
cpe:2.3:a:eclipse:openj9:0.8
-
cpe:2.3:a:eclipse:openj9:0.8.0
-
cpe:2.3:a:eclipse:openj9:0.9.0