Vulnerabilities in MAT 1.13 [message #1855579] Fri, 21 October 2022 08:07
Svarnim Agarwal
Messages: 2
Registered: October 2022
Junior Member
I am using MAT 1.13 in my code and I see that multiple vulnerabilities have been identified.
These are seen because of the Eclipse jars inside my MAT jar.
The list is:
CVE-2021-41033
CVE-2022-41852
CVE-2017-7657
CVE-2017-7658
CVE-2009-5045
CVE-2017-7656
CVE-2017-9735
CVE-2022-2048
CVE-2020-27216
CVE-2022-2191
CVE-2020-27225

Is there a fix to these, provided in a new build? Is this being looked into?
Is there any other solution I can try?

Thanks.

Re: Vulnerabilities in MAT 1.13 [message #1855637 is a reply to message #1855579] Tue, 25 October 2022 06:19
Andrew Johnson
Messages: 205
Registered: July 2009
Senior Member
See Bug 580541 which covers all those CVEs except CVE-2022-41852.

Most are false positives, due to the bug CVE quoting the Eclipse platform version, but the CVE checking tool looking at the jar version, which does not correspond.

I have added CVE-2022-41852 for further consideration.

If you find a more recent Eclipse IDE which passes your security scan then you could install Memory Analyzer into it, rather than use standalone MAT.

Re: Vulnerabilities in MAT 1.13 [message #1856632 is a reply to message #1855637] Tue, 20 December 2022 03:46
Svarnim Agarwal
Messages: 2
Registered: October 2022
Junior Member
Thanks Andrew.

Can you please validate the information regarding CVEs mentioned below.

CVE-2021-41033 - Being looked into by MAT team
CVE-2022-41852 - Being looked into by MAT team
CVE-2017-7657 - False Positive
CVE-2017-7658 - False Positive
CVE-2009-5045 - False Positive
CVE-2017-7656 - False Positive
CVE-2017-9735 - False Positive
CVE-2022-2048 - Being looked into by MAT team
CVE-2020-27216 - False Positive
CVE-2022-2191 - Being looked into by MAT team
CVE-2020-27225 - False Positive

Is there any other workaround?

Re: Vulnerabilities in MAT 1.13 [message #1858606 is a reply to message #1856632] Tue, 11 April 2023 09:33
Andrew Johnson
Messages: 205
Registered: July 2009
Senior Member
Upgrade to Memory Analyzer 1.14.0
See https://www.eclipse.org/mat/1.14.0/noteworthy.html
CVE-2022-41852 has been withdrawn.

Re: Vulnerabilities in MAT 1.13 [message #1862199 is a reply to message #1858606] Fri, 17 November 2023 02:17
Byrd Franklin
Messages: 2
Registered: December 2022
Junior Member
A quick update. I resolved my module exception messages by adding --add-exports java.base/jdk.internal.module=ALL-UNNAMED to my project's VM args.
