CVE-2024-3933

HIGH Year: 2024
CVSS v3 Score
7.3
High
Weakness Type
CWE-125
View all →

Vulnerability Description

In Eclipse OpenJ9 release versions prior to 0.44.0 and after 0.13.0, when running with JVM option -Xgc:concurrentScavenge, the sequence generated for System.arrayCopy on the IBM Z platform with hardware and software support for guarded storage [1], could allow access to a buffer with an incorrect length value when executing an arraycopy sequence while the Concurrent Scavenge Garbage Collection cycle is active and the source and destination memory regions for arraycopy overlap. This allows read and write to addresses beyond the end of the array range.

Related Vulnerabilities

CVE-2018-5821

HIGH
CVSS:7.3(High)

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in function wma_wow_wakeup_host_event...

CWE-1252018

CVE-2018-8881

HIGH
CVSS:7.3(High)

Netwide Assembler (NASM) 2.13.02rc2 has a heap-based buffer over-read in the function tokenize in asm/preproc.c, related to an unterminated string.

CWE-1252018

CVE-2020-11902

HIGH
CVSS:7.3(High)

The Treck TCP/IP stack before 6.0.1.66 has an IPv6OverIPv4 tunneling Out-of-bounds Read.

CWE-1252020

CVE-2021-29934

HIGH
CVSS:7.3(High)

An issue was discovered in PartialReader in the uu_od crate before 0.0.4 for Rust. Attackers can read the contents of uninitialized memory locations via a user-provided Read operation.

CWE-1252021

CVE-2021-37655

HIGH
CVSS:7.3(High)

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a read from outside of bounds of heap allocated data by sending invalid arguments to...

CWE-1252021

CVE-2021-43804

HIGH
CVSS:7.3(High)

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In affected versions if the inc...

CWE-1252021