Upstream information

CVE-2021-41041 at MITRE

Description

In Eclipse OpenJ9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during bytecode verification when verification is triggered by a MethodHandle invocation, allowing unverified methods to be invoked using MethodHandles.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v2 Scores (National Vulnerability Database)

Base Score: 5
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Access Vector: Network
Access Complexity: Low
Authentication: None
Confidentiality Impact: None
Integrity Impact: Partial
Availability Impact: None

CVSS v3 Scores (National Vulnerability Database)

Base Score: 5.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Access Vector: Network
Access Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: Low
Availability Impact: None
CVSSv3 Version: 3.1

SUSE Bugzilla entry: 1198935 [NEW]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE Leap 15.3
  • java-1_8_0-openj9 >= 1.8.0.345-150200.3.24.1
  • java-1_8_0-openj9-accessibility >= 1.8.0.345-150200.3.24.1
  • java-1_8_0-openj9-demo >= 1.8.0.345-150200.3.24.1
  • java-1_8_0-openj9-devel >= 1.8.0.345-150200.3.24.1
  • java-1_8_0-openj9-headless >= 1.8.0.345-150200.3.24.1
  • java-1_8_0-openj9-javadoc >= 1.8.0.345-150200.3.24.1
  • java-1_8_0-openj9-src >= 1.8.0.345-150200.3.24.1
Patchnames:
openSUSE-SLE-15.3-2022-3092
openSUSE Leap 15.4
  • java-1_8_0-openj9 >= 1.8.0.345-150200.3.24.1
  • java-1_8_0-openj9-accessibility >= 1.8.0.345-150200.3.24.1
  • java-1_8_0-openj9-demo >= 1.8.0.345-150200.3.24.1
  • java-1_8_0-openj9-devel >= 1.8.0.345-150200.3.24.1
  • java-1_8_0-openj9-headless >= 1.8.0.345-150200.3.24.1
  • java-1_8_0-openj9-javadoc >= 1.8.0.345-150200.3.24.1
  • java-1_8_0-openj9-src >= 1.8.0.345-150200.3.24.1
Patchnames:
openSUSE-SLE-15.4-2022-3092
openSUSE Tumbleweed
  • java-11-openj9 >= 11.0.15.0-1.1
  • java-11-openj9-accessibility >= 11.0.15.0-1.1
  • java-11-openj9-demo >= 11.0.15.0-1.1
  • java-11-openj9-devel >= 11.0.15.0-1.1
  • java-11-openj9-headless >= 11.0.15.0-1.1
  • java-11-openj9-javadoc >= 11.0.15.0-1.1
  • java-11-openj9-jmods >= 11.0.15.0-1.1
  • java-11-openj9-src >= 11.0.15.0-1.1
  • java-1_8_0-openj9 >= 1.8.0.332-1.1
  • java-1_8_0-openj9-accessibility >= 1.8.0.332-1.1
  • java-1_8_0-openj9-demo >= 1.8.0.332-1.1
  • java-1_8_0-openj9-devel >= 1.8.0.332-1.1
  • java-1_8_0-openj9-headless >= 1.8.0.332-1.1
  • java-1_8_0-openj9-javadoc >= 1.8.0.332-1.1
  • java-1_8_0-openj9-src >= 1.8.0.332-1.1
Patchnames:
openSUSE Tumbleweed GA java-11-openj9-11.0.15.0-1.1
openSUSE Tumbleweed GA java-1_8_0-openj9-1.8.0.332-1.1