CVE-2022-42920

Published: Nov 7, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to produce arbitrary bytecode. This could be abused in applications that pass attacker-controllable data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected. Update to Apache Commons BCEL 6.6.0.

Vendor: Apache Software Foundation

Product: Apache Commons BCEL

Versions (affected): Apache Commons BCEL < 6.6.0

Weaknesses (CWE)
