What is CVE-2023-5676?

CVE-2023-5676 is a medium-severity vulnerability in Eclipse Foundation Openj9, classified under Signal Handler Race Condition. CVSS score: 4.1/10. Published 2023-11-15.

How severe is CVE-2023-5676?

Medium severity. CVSS v3 base score is 4.1 out of 10.

Vulnerability in Eclipse Foundation Openj9

CVE-2023-5676

In Eclipse OpenJ9 before version 0.41.0, the JVM can be forced into an infinite busy hang on a spinlock or a segmentation fault if a shutdown signal (SIGTERM, SIGINT or SIGHUP) is received before the JVM has finished initializing.

EPSS: 0.000 (13.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.1 (Medium). Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H.

Affected products

Eclipse Foundation Openj9 — versions 0

Weakness classification (CWE)

CWE-364 — Signal Handler Race Condition

References

github.com/eclipse-openj9/openj9/pull/18085
gitlab.eclipse.org/security/cve-assignement/-/issues/13

Frequently asked questions

What is CVE-2023-5676?: CVE-2023-5676 is a medium-severity vulnerability in Eclipse Foundation Openj9, classified under Signal Handler Race Condition. CVSS score: 4.1/10. Published 2023-11-15.
How severe is CVE-2023-5676?: Medium severity. CVSS v3 base score is 4.1 out of 10.