CVE-2022-42920
Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing
Public Exploits: 0
Exploited in Wild: -
Descriptions
Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to produce arbitrary bytecode. This could be abused in applications that pass attacker-controllable data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected. Update to Apache Commons BCEL 6.6.0.
An out-of-bounds (OOB) write flaw was found in the Apache Commons BCEL API. This flaw can be used to produce arbitrary bytecode and may be abused in applications that pass attacker-controlled data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected.
Timeline
- 2022-10-14 CVE Reserved
- 2022-11-07 CVE Published
- 2024-08-03 CVE Updated
- 2024-11-03 EPSS Updated
CWE
- CWE-787: Out-of-bounds Write
References (8)
URL | Tag | Source |
---|---|---|
http://www.openwall.com/lists/oss-security/2022/11/07/2 | Mailing List |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Apache | Commons Bcel | < 6.6.0 | - | Affected |
Fedoraproject | Fedora | 35 | - | Affected |
Fedoraproject | Fedora | 36 | - | Affected |
Fedoraproject | Fedora | 37 | - | Affected |