Avian JVM vm::arrayCopy() silent return on negative length

August 18, 2020

Posted by Pietro Oliva via Fulldisclosure on Aug 11

Vulnerability title: Avian JVM vm::arrayCopy() silent return on negative length
Author: Pietro Oliva
CVE: CVE-2020-17361
Vendor: ReadyTalk
Product: Avian JVM
Affected version: 1.2.0

Description:
The issue is located in the vm::arrayCopy method defined in classpath-common.h,
where multiple boundary checks are performed to prevent out-of-bounds memory
read/write. One of these boundary checks makes the code return silently when a
negative length…

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.

Patreon

Original Source
Tags: , , , , , , , , ,

You may have missed

image 1

Abyss Ransomware Victim: rangam[.]com

April 23, 2024
HIBP Banner 1

T2 – 85,894 breached accounts

April 23, 2024
CISA Logo

CISA: Juniper Releases Security Bulletin for Multiple Juniper Products

April 23, 2024
CISA Logo

CISA: CISA Adds One Known Exploited Vulnerability to Catalog

April 23, 2024
CISA Logo

CISA: Joint Guidance on Deploying AI Systems Securely

April 23, 2024