Avian JVM vm::arrayCopy() Multiple Integer Overflows

Posted by Pietro Oliva via Fulldisclosure on Aug 11

Vulnerability title: Avian JVM vm::arrayCopy() Multiple Integer Overflows
Author: Pietro Oliva
CVE: CVE-2020-17360
Vendor: ReadyTalk
Product: Avian JVM
Affected version: 1.2.0

Description:
The issue is located in the vm::arrayCopy method defined in classpath-common.h,
where multiple boundary checks are performed to prevent out-of-bounds memory
read/write. Two of those boundary checks contain an integer overflow which leads
to those same checks…

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.

Patreon

Original Source