vulnerability

Red Hat: CVE-2018-12549: CVE-2018-12549 IBM JDK: missing null check when accelerating Unsafe calls (Multiple Advisories)

Name: Red Hat: CVE-2018-12549: CVE-2018-12549 IBM JDK: missing null check when accelerating Unsafe calls (Multiple Advisories)
Creator: Red Hat
Published: 2019-02-11T00:00:00.000Z
Keywords: CVE, CWE-111, CWE-20, Red Hat, 2018, 12549, 12549 IBM JDK, redhat-upgrade-java-1-8-0-ibm, redhat-upgrade-java-1-8-0-ibm-demo, redhat-upgrade-java-1-8-0-ibm-devel, redhat-upgrade-java-1-8-0-ibm-headless, redhat-upgrade-java-1-8-0-ibm-jdbc, redhat-upgrade-java-1-8-0-ibm-plugin, redhat-upgrade-java-1-8-0-ibm-src, redhat-upgrade-java-1-8-0-ibm-webstart, Severity 8

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Published

Feb 11, 2019

Added

Mar 7, 2019

Modified

Mar 27, 2026

Description

In Eclipse OpenJ9 version 0.11.0, the OpenJ9 JIT compiler may incorrectly omit a null check on the receiver object of an Unsafe call when accelerating it.

Solutions

redhat-upgrade-java-1-8-0-ibmredhat-upgrade-java-1-8-0-ibm-demoredhat-upgrade-java-1-8-0-ibm-develredhat-upgrade-java-1-8-0-ibm-headlessredhat-upgrade-java-1-8-0-ibm-jdbcredhat-upgrade-java-1-8-0-ibm-pluginredhat-upgrade-java-1-8-0-ibm-srcredhat-upgrade-java-1-8-0-ibm-webstart

References

CWE-111
CWE-20
EUVD-EUVD-2018-4509
NVD-CVE-2018-12549
REDHAT-RHSA-2019:1238
https://euvd.enisa.europa.eu/vulnerability/EUVD-2018-4509

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report