Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to produce arbitrary bytecode. This could be abused in applications that pass attacker-controllable data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected. Update to Apache Commons BCEL 6.6.0.
References
Configurations
History
17 Jan 2024, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 Nov 2023, 03:53
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2022-11-07 13:15
Updated : 2024-02-28 19:29
NVD link : CVE-2022-42920
Mitre link : CVE-2022-42920
CVE.ORG link : CVE-2022-42920
JSON object : View
Products Affected
fedoraproject
- fedora
apache
- commons_bcel
CWE
CWE-787
Out-of-bounds Write