Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2022-42920

Опубликовано: 07 нояб. 2022
Источник: debian
EPSS Низкий

Описание

Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to produce arbitrary bytecode. This could be abused in applications that pass attacker-controllable data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected. Update to Apache Commons BCEL 6.6.0.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
bcelfixed6.5.0-2package
bcelfixed6.5.0-1+deb11u1bullseyepackage
bcelfixed6.2-1+deb10u1busterpackage

Примечания

  • https://www.openwall.com/lists/oss-security/2022/11/04/6

  • https://www.openwall.com/lists/oss-security/2022/11/04/8

  • https://github.com/apache/commons-bcel/pull/147

  • https://github.com/apache/commons-bcel/commit/f3267cbcc900f80851d561bdd16b239d936947f5

  • Duplicate of CVE-2022-34169. But CVE-2022-34169 was assigned for Apache Xalan Java XSLT library,

  • whereeas CVE-2022-42920 is associated with bcel itself.

EPSS

Процентиль: 88%
0.03792
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2022-42920

CVSS3: 9.8
ubuntu
больше 2 лет назад

Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to produce arbitrary bytecode. This could be abused in applications that pass attacker-controllable data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected. Update to Apache Commons BCEL 6.6.0.

redhat логотип

CVE-2022-42920

CVSS3: 8.1
redhat
больше 2 лет назад

Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to produce arbitrary bytecode. This could be abused in applications that pass attacker-controllable data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected. Update to Apache Commons BCEL 6.6.0.

nvd логотип

CVE-2022-42920

CVSS3: 9.8
nvd
больше 2 лет назад

Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to produce arbitrary bytecode. This could be abused in applications that pass attacker-controllable data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected. Update to Apache Commons BCEL 6.6.0.

suse-cvrf логотип

SUSE-SU-2022:4331-1

suse-cvrf
больше 2 лет назад

Security update for bcel

suse-cvrf логотип

SUSE-SU-2022:4306-1

suse-cvrf
больше 2 лет назад

Security update for bcel

EPSS

Процентиль: 88%
0.03792
Низкий