CVE-2024-10917: Eclipse OpenJ9 might return an incorrect value in JNI function GetStringUTFLength

Q: What is the severity of CVE-2024-10917?

CVE-2024-10917 has not been assigned a specific CVSS score, but it can lead to incorrect value retrieval which may affect application stability.

Q: How do I fix CVE-2024-10917?

To fix CVE-2024-10917, upgrade to Eclipse OpenJ9 version 0.48.0 or later where the issue is corrected.

Q: What versions are affected by CVE-2024-10917?

CVE-2024-10917 affects Eclipse OpenJ9 versions from 0.8.0 up to 0.47.0.

Q: What impact does CVE-2024-10917 have on applications?

CVE-2024-10917 may result in truncated string lengths being returned in JNI calls, potentially causing data inconsistency.

Q: Is there any workaround for CVE-2024-10917?

There are no known workarounds for CVE-2024-10917 other than upgrading to a secure version.

Published Nov 11, 2024

Updated

In Eclipse OpenJ9 versions up to 0.47, the JNI function GetStringUTFLength may return an incorrect value which has wrapped around. From 0.48 the value is correct but may be truncated to include a smaller number of characters.

Affected Software

2 affected components

Eclipse Openj9>=0.8.0<0.48.0

IBM InfoSphere Data Architect<=9.2.1

Remediation

Patch Available

https://github.com/eclipse-openj9/openj9/pull/20362

Event History

Nov 11, 2024

CVE Published

via MITRE·04:55 PM

Data Sourced

via MITRE·04:55 PM

DescriptionSeverityWeakness

Mar 4, 2026

Data Sourced

via IBM·12:00 AM

DescriptionAffected Software

Parent advisories

This vulnerability appears in the following advisories.

IBM-7262513

Frequently Asked Questions

What is the severity of CVE-2024-10917?

CVE-2024-10917 has not been assigned a specific CVSS score, but it can lead to incorrect value retrieval which may affect application stability.

How do I fix CVE-2024-10917?

To fix CVE-2024-10917, upgrade to Eclipse OpenJ9 version 0.48.0 or later where the issue is corrected.

What versions are affected by CVE-2024-10917?