CVE-2026-1188

Published Jan 29, 2026

Last updated 3 months ago

CVSS medium 6.9

Overview

AI description

Automated description summarized from trusted sources.

CVE-2026-1188 identifies a buffer overflow vulnerability within the Eclipse OMR port library component, affecting versions released since 0.2.0. The flaw specifically resides in an API function responsible for returning the textual names of supported processor features. This function does not correctly account for the separators inserted between these features when determining the appropriate size for an output buffer. Consequently, if an output buffer supplied to this function is incorrectly sized, failing to factor in the separator characters, a buffer overflow condition can occur. This issue has been addressed and fixed in Eclipse OMR version 0.8.0.

Description
In the Eclipse OMR port library component since release 0.2.0, an API function to return the textual names of all supported processor features was not accounting for the separator inserted between processor features. If the output buffer supplied to this function was incorrectly sized, failing to account for the separator when determining when a write to the buffer was safe could lead to a buffer overflow. This issue is fixed in Eclipse OMR version 0.8.0.
Source
emo@eclipse.org
NVD status
Analyzed
Products
omr

Risk scores

CVSS 4.0

Type
Secondary
Base score
6.9
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
MEDIUM

CVSS 3.1

Type
Primary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

emo@eclipse.org
CWE-131
nvd@nist.gov
CWE-120

Social media

Hype score
Not currently trending

  1. IBM Identity and Verify Accessで複数の脆弱性が修正。CVE-2026-2862及びCVE-2026-1491はCVSSスコア5.3のHTTPリクエストスマグリングで、内部ウェブトラフィック露出の可能性。重大(Critical)なバッファオーバーフローCVE-2026-1188

    @__kokumoto

    8 Apr 2026

    711 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. In the Eclipse OMR compiler component, since release 0.7.0, an optimization enabled for Eclipse OpenJ9 consumers of OMR on Z processors incorrectly handles NUL (0x00) characters during the Latin-compatible charset (UTF-8, ISO8859-1, ASCII, etc) to IBM-1047/037 translation sequence. This can cause the output byte array to be truncated, discarding the first NUL byte and all subsequent characters, and thereby exposing a possible buffer over-read problem. This issue is fixed in Eclipse OMR version 0.8.0.CVE-2025-14549
  2. In Eclipse OMR versions 0.2.0 to 0.4.0, some of the z/OS atoe print functions use a constant length buffer for string conversion. If the input format string and arguments are larger than the buffer size then buffer overflow occurs. Beginning in version 0.5.0, the conversion buffers are sized correctly and checked appropriately to prevent buffer overflows.CVE-2025-1471
  3. In Eclipse OMR, from the initial contribution to version 0.4.0, some OMR internal port library and utilities consumers of z/OS atoe functions do not check their return values for NULL memory pointers or for memory allocation failures. This can lead to NULL pointer dereference crashes. Beginning in version 0.5.0, internal OMR consumers of atoe functions handle NULL return values and memory allocation failures correctly.CVE-2025-1470

References

Sources include official advisories and independent security research.