Description
Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to produce arbitrary bytecode. This could be abused in applications that pass attacker-controllable data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected. Update to Apache Commons BCEL 6.6.0.
Release | Status | Note |
---|---|---|
bionic | ignored | end of standard support, was needs-triage |
devel | not-affected | 6.5.0-2 |
esm-apps/bionic | released | 6.2-1ubuntu0.1~esm1 |
esm-apps/focal | released | 6.4.1-1ubuntu0.1~esm1 |
esm-apps/jammy | released | 6.5.0-1ubuntu0.1 |
esm-apps/noble | not-affected | 6.5.0-2 |
esm-apps/xenial | released | 6.0~rc3-2ubuntu1+esm1 |
focal | ignored | end of standard support, was needed |
jammy | released | 6.5.0-1ubuntu0.1 |
kinetic | ignored | end of life, was needs-triage |
EPSS
CVSS3: 9.8 Critical