Impact
A heap buffer overflow exists in the Jansi JNI ioctl wrapper because the argument array size is not verified before the system call, which can corrupt heap memory and cause application crashes. The resulting denial of service occurs when an affected program is terminated by the overflow. This weakness is classified as buffer overflow (CWE-122).
Affected Systems
The library is distributed by FuseSource as Jansi, and all released versions are believed to be vulnerable. The project has become unmaintained at the time of this CVE assignment, meaning that no official patch or update is available for the affected codebase.
Risk and Exploitability
The CVSS score of 4.8 indicates a moderate severity; the EPSS <1% suggests a very low exploitation probability, and the vulnerability is not listed in the CISA KEV catalog. The most likely attack vector is an application that incorporates Jansi into its runtime; exploitation would require triggering the wrapped ioctl call with an oversized argument array, which would result in heap corruption and a crash. Since no patch exists, users must rely on mitigation steps rather than an official fix.
OpenCVE Enrichment