Eclipse OMR
cpe:2.3:a:eclipse:omr:*:*:*:*:*:*:*
- >= 0.7.0, < 0.8.0
A buffer over-read vulnerability has been identified in the Eclipse OMR compiler component, affecting versions since 0.7.0. The issue arises in an optimization intended for Eclipse OpenJ9 users on Z processors, where NUL (0x00) characters are improperly managed during the translation from Latin-compatible charsets (such as UTF-8, ISO8859-1, and ASCII) to IBM-1047/037. This mismanagement can lead to the output byte array being truncated, omitting the first NUL byte and all following characters, which may result in a buffer over-read condition.
The resulting over-read could allow unintended disclosure of memory contents.
Users can upgrade to Eclipse OMR version 0.8.0 to address this vulnerability.