Primary

Context

Eclipse OMR Buffer Overflow Vulnerability in z/OS Atoe Print Functions

Vulnerability

Patched

A buffer overflow vulnerability has been identified in Eclipse OMR versions 0.2.0 prior to 0.4.0. The issue arises in some z/OS atoe print functions that utilize a constant length buffer for string conversion. When the input format string and arguments exceed the buffer size, a buffer overflow occurs. This vulnerability has been addressed in version 0.5.0, where the conversion buffers are now properly sized and checked to prevent such overflows.

Impact

Exploitation of this vulnerability leads to a buffer overflow, which can commonly result in arbitrary code execution or causing a program to crash.

Remediation

Users can upgrade to Eclipse OMR version 0.5.0 or later, where this vulnerability has been fixed.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

5.4

impact

0.6

exploitability

5.3

remediation

7.7

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.4

impact

0.6

exploitability

5.3

remediation

7.7

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Eclipse OMR Buffer Overflow Vulnerability in z/OS Atoe Print Functions

Vulnerability

Impact

Remediation

Affected Products

Eclipse OMR

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating