ALT-PU-2024-16393-2
Closed vulnerabilities
Published: 2022-11-07
BDU:2024-02279
Уязвимость библиотеки для обработки байт-кода Java Apache Commons BCEL, связанная с записью за границами буфера, позволяющая нарушителю выполнить произвольный код
Severity: CRITICAL (9.8)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2022-11-07
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2022-42920
Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to produce arbitrary bytecode. This could be abused in applications that pass attacker-controllable data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected. Update to Apache Commons BCEL 6.6.0.
Severity: CRITICAL (9.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
- [oss-security] 20221107 Re: CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing
- [oss-security] 20221107 Re: CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing
- https://lists.apache.org/thread/lfxk7q8qmnh5bt9jm6nmjlv5hsxjhrz4
- https://lists.apache.org/thread/lfxk7q8qmnh5bt9jm6nmjlv5hsxjhrz4
- FEDORA-2022-01a56f581c
- FEDORA-2022-01a56f581c
- FEDORA-2022-f60a52e054
- FEDORA-2022-f60a52e054
- FEDORA-2022-0e358addb8
- FEDORA-2022-0e358addb8
- GLSA-202401-25
- GLSA-202401-25