Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to produce arbitrary bytecode. This could be abused in applications that pass attacker-controllable data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected. Update to Apache Commons BCEL 6.6.0.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2022-11-07T00:00:00
Updated: 2024-08-03T13:19:05.457Z
Reserved: 2022-10-14T00:00:00
Link: CVE-2022-42920
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-11-07T13:15:10.270
Modified: 2024-01-17T15:15:09.927
Link: CVE-2022-42920
Redhat