Primary

Context

Eclipse OMR NULL Pointer Dereference Vulnerability in z/OS Atoe Function Consumers

Vulnerability

Patched

A NULL pointer dereference vulnerability has been identified in Eclipse OMR, affecting versions from the initial contribution to 0.4.0. This issue arises in some internal port library and utilities that consume z/OS atoe functions, which do not properly check for NULL return values or memory allocation failures. As a result, these oversights can lead to crashes due to NULL pointer dereferences. However, starting from version 0.5.0, OMR's internal consumers of atoe functions have been updated to correctly handle NULL return values and memory allocation errors.

Impact

Exploitation of this vulnerability causes crashes by dereferencing NULL pointers, leading to application instability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

5.4

impact

2.5

exploitability

4.7

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.4

impact

2.5

exploitability

4.7

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Eclipse OMR NULL Pointer Dereference Vulnerability in z/OS Atoe Function Consumers

Vulnerability

Impact

Affected Products

Eclipse OMR

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating