CVE-2025-1470

Media report

EPSS 0.03%
Published 21.02.2025 10:15:11
Last modified 05.03.2025 18:54:18
Source emo@eclipse.org
Teams watchlist Login
Open Login

In Eclipse OMR, from the initial contribution to version 0.4.0, some OMR internal port library and utilities consumers of z/OS atoe functions do not check their return values for NULL memory pointers or for memory allocation failures.  This can lead to NULL pointer dereference crashes.  Beginning in version 0.5.0, internal OMR consumers of atoe functions handle NULL return values and memory allocation failures correctly.

Affected products Warnungen 0 Metrics 3 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

Eclipse ≫ Omr Version <= 0.4.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.064

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
emo@eclipse.org	5.1	0	0	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://www.heise.de/news/Schwachstellen-bedrohen-IBM-Installation-Manager-Java-Runtime-Co-10350084.html

Medienbericht

heise Security

https://github.com/eclipse-omr/omr/pull/7655

Patch

https://github.com/eclipse-omr/omr/pull/7663

Patch

https://gitlab.eclipse.org/security/cve-assignement/-/issues/54

Vendor Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2025-1470

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-1470

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-1470

EUVD