CVE-2025-1470

Medienbericht

EPSS 0.03%
Veröffentlicht 21.02.2025 10:15:11
Zuletzt bearbeitet 05.03.2025 18:54:18
Quelle emo@eclipse.org
Teams Watchlist Login
Unerledigt Login

In Eclipse OMR, from the initial contribution to version 0.4.0, some OMR internal port library and utilities consumers of z/OS atoe functions do not check their return values for NULL memory pointers or for memory allocation failures.  This can lead to NULL pointer dereference crashes.  Beginning in version 0.5.0, internal OMR consumers of atoe functions handle NULL return values and memory allocation failures correctly.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Eclipse ≫ Omr Version <= 0.4.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.064

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
emo@eclipse.org	5.1	0	0	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://www.heise.de/news/Schwachstellen-bedrohen-IBM-Installation-Manager-Java-Runtime-Co-10350084.html

Medienbericht

heise Security

https://github.com/eclipse-omr/omr/pull/7655

Patch

https://github.com/eclipse-omr/omr/pull/7663

Patch

https://gitlab.eclipse.org/security/cve-assignement/-/issues/54

Vendor Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2025-1470

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-1470

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-1470

EUVD