{"id":"CVE-2023-2597","details":"In Eclipse Openj9 before version 0.38.0, in the implementation of the shared cache (which is enabled by default in OpenJ9 builds) the size of a string is not properly checked against the size of the buffer.","modified":"2026-03-13T07:31:14.290506Z","published":"2023-05-22T12:15:09.760Z","related":["SUSE-SU-2023:2476-1","SUSE-SU-2023:2491-1","SUSE-SU-2023:3305-1","openSUSE-SU-2024:13110-1","openSUSE-SU-2024:13130-1","openSUSE-SU-2024:13131-1","openSUSE-SU-2025:0066-1","openSUSE-SU-2025:0067-1"],"references":[{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20240621-0006/"},{"type":"FIX","url":"https://github.com/eclipse-openj9/openj9/pull/17259"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/eclipse/openj9","events":[{"introduced":"0"},{"fixed":"d57d05932008a14605bf6cd729bb22dd6f49162c"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"0.38.0"}]}}],"versions":["openj9-0.0","openj9-0.0M1","openj9-0.0RC2","openj9-0.10.0-rc1","openj9-0.11.0","openj9-0.11.0-rc1","openj9-0.11.0-rc2","openj9-0.12.0-m1","openj9-0.12.0-m2","openj9-0.12.0-rc1","openj9-0.16.0-m1","openj9-0.17.0-m1","openj9-0.18.0-m1","openj9-0.19.0-m1","openj9-0.20.0-m1","openj9-0.21.0-m1","openj9-0.22.0-m1","openj9-0.23.0-m1","openj9-0.24.0-m1","openj9-0.26.0-m1","openj9-0.27.0-m1","openj9-0.29.0-m1","openj9-0.30.0-m1","openj9-0.30.0-m1a","openj9-0.33.0-m1","openj9-0.35.0-m1","openj9-0.8.0","openj9-0.8.0-rc1","openj9-0.8.0-rc2","openj9-0.9.0-rc1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-2597.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}]}