{"id":"CVE-2022-3676","details":"In Eclipse Openj9 before version 0.35.0, interface calls can be inlined without a runtime type check. Malicious bytecode could make use of this inlining to access or modify memory via an incompatible type.","modified":"2026-03-13T22:52:22.448739Z","published":"2022-10-24T14:15:51.953Z","related":["SUSE-SU-2022:4250-1","SUSE-SU-2022:4591-1","SUSE-SU-2022:4602-1","SUSE-SU-2023:0375-1","openSUSE-SU-2024:12463-1","openSUSE-SU-2024:12464-1","openSUSE-SU-2024:12465-1","openSUSE-SU-2025:0066-1","openSUSE-SU-2025:0067-1"],"references":[{"type":"REPORT","url":"https://gitlab.eclipse.org/eclipsefdn/emo-team/emo/-/issues/389"},{"type":"FIX","url":"https://github.com/eclipse-openj9/openj9/pull/16122"},{"type":"FIX","url":"https://github.com/eclipse/omr/pull/6773"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/eclipse/openj9","events":[{"introduced":"0"},{"fixed":"e04a7f6c1c365a6b375deb5f641c72309b170b95"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"0.35.0"}]}}],"versions":["openj9-0.0","openj9-0.0M1","openj9-0.0RC2","openj9-0.10.0-rc1","openj9-0.11.0","openj9-0.11.0-rc1","openj9-0.11.0-rc2","openj9-0.12.0-m1","openj9-0.12.0-m2","openj9-0.12.0-rc1","openj9-0.16.0-m1","openj9-0.17.0-m1","openj9-0.18.0-m1","openj9-0.19.0-m1","openj9-0.20.0-m1","openj9-0.21.0-m1","openj9-0.22.0-m1","openj9-0.23.0-m1","openj9-0.24.0-m1","openj9-0.26.0-m1","openj9-0.27.0-m1","openj9-0.29.0-m1","openj9-0.30.0-m1","openj9-0.30.0-m1a","openj9-0.33.0-m1","openj9-0.35.0-m1","openj9-0.35.0-m2","openj9-0.35.0-m2a","openj9-0.35.0-m2b","openj9-0.8.0","openj9-0.8.0-rc1","openj9-0.8.0-rc2","openj9-0.9.0-rc1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-3676.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}]}