CVE-2023-2597: Critical severity Eclipse OpenJ9 vulnerability
Published May 22, 2023
In Eclipse OpenJ9 before version 0.38.0, the implementation of the shared cache (which is enabled by default in OpenJ9 builds) does not properly check the size of a string against the size of the buffer.
Affected Software
2 affected components
Eclipse OpenJ9 < 0.38.0
IBM DB2 Recovery Expert for LUW <= 5.5 IF 2
Remediation
Patch Available
Event History
May 22, 2023
CVE Published
via MITRE · 12:00 AM
Data Sourced
via MITRE · 12:00 AM
Description, Severity, Weakness
Feb 5, 2026
Data Sourced
via IBM · 12:00 AM
Description, Affected Software
Frequently Asked Questions
1. What is the vulnerability ID of this buffer overflow vulnerability?
The vulnerability ID of this buffer overflow vulnerability is CVE-2023-2597.
2. What software is affected by this vulnerability?
IBM QRadar SIEM version 7.5.0 - 7.5.0 UP6 is affected by this vulnerability.
3. What is the severity of CVE-2023-2597?
The severity of CVE-2023-2597 is high with a severity value of 7.
4. How can an attacker exploit this vulnerability?
An attacker can exploit this vulnerability by using specially crafted input to overflow a buffer and execute arbitrary code on the system.
5. Are there any fixes available for this vulnerability?
At this time, there are no specific fixes available for this vulnerability. However, it is recommended to keep the software up to date and follow any security advisories from the vendor.