Fluid Attacks Database

Description

In Eclipse OpenJ9 version 0.11.0, the OpenJ9 JIT compiler may incorrectly omit a null check on the receiver object of an Unsafe call when accelerating it.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
rpm rhel8	java-1.8.0-ibm	<1:1.8.0.5.35-3.el8_0	1:1.8.0.5.35-3.el8_0

Aliases

1. CVE-2018-125492. NVD-2018-125493. OSV-2018-12549

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.