PT-2022-7285 · Apache · Apache Commons BCEL

Felix Wilhelm · Published 2022-11-04 · Updated 2025-01-21 · CVE-2022-42920

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Apache Commons BCEL versions prior to 6.6.0
Description: The issue is an out-of-bounds write in Apache Commons BCEL. BCEL exposes a number of APIs that would normally only allow changing specific class characteristics; because of the out-of-bounds write, these APIs can instead be used to produce arbitrary bytecode. This can be abused in applications that pass attacker-controllable data to the affected APIs, giving the attacker more control over the resulting bytecode than otherwise expected.
Recommendations: Update to Apache Commons BCEL 6.6.0 or later. As a temporary workaround, restrict the use of the APIs that allow changing specific class characteristics, and do not pass attacker-controllable data to them until the upgrade is in place.
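Applying the recommendation above starts with knowing where BCEL is loaded and which version it is. The following Python script is an added example, not part of this advisory or of the BCEL project: it walks a directory of jars, reports any jar that contains BCEL classes (the org/apache/bcel/ package path), and compares the Implementation-Version or Bundle-Version attribute from META-INF/MANIFEST.MF against 6.6.0. The choice of those two manifest attributes, the rule that a jar mixing BCEL classes with other classes is a shaded copy whose manifest version cannot be trusted, and the sample jars it builds in a temporary directory are all assumptions and constructed fixtures, not real releases.

```python
"""Added example: find Apache Commons BCEL jars older than 6.6.0 (CVE-2022-42920)."""
import os
import re
import sys
import tempfile
import zipfile
from typing import Dict, List, Optional, Tuple

FIXED_VERSION = (6, 6, 0)               # first release with the fix, per the advisory
BCEL_CLASS_PREFIX = "org/apache/bcel/"  # BCEL's package path inside a jar


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '6.5.0', '6.6.1-SNAPSHOT' or '6.10.0' into a comparable tuple.
    Comparing as strings would wrongly rank '6.10.0' below '6.6.0'."""
    numbers = re.findall(r"\d+", text.split("-")[0])
    if not numbers:
        raise ValueError(f"no numeric version in {text!r}")
    parts = tuple(int(n) for n in numbers)
    return parts + (0,) * (3 - len(parts))  # '6.5' compares like '6.5.0'


def is_vulnerable(version: str) -> bool:
    """True for any BCEL release before 6.6.0."""
    return parse_version(version) < FIXED_VERSION


def manifest_version(jar: zipfile.ZipFile) -> Optional[str]:
    """Read Implementation-Version (Maven) or Bundle-Version (OSGi) from the
    manifest. Assumption: the jar's own build wrote one of these attributes."""
    try:
        raw = jar.read("META-INF/MANIFEST.MF").decode("utf-8", errors="replace")
    except KeyError:
        return None
    # Manifest values may be folded onto a continuation line starting with one space.
    unfolded = raw.replace("\r\n", "\n").replace("\n ", "")
    for key in ("Implementation-Version", "Bundle-Version"):
        match = re.search(rf"^{key}:\s*(\S+)", unfolded, re.MULTILINE)
        if match:
            return match.group(1)
    return None


def assess_jar(path: str) -> Tuple[str, Optional[str]]:
    """Classify one jar as 'not-bcel', 'vulnerable', 'fixed' or 'unknown'.
    'unknown': BCEL classes sit beside other code (a shaded copy), so the
    manifest version describes the host artifact, not BCEL."""
    with zipfile.ZipFile(path) as jar:
        names = jar.namelist()
        if not any(n.startswith(BCEL_CLASS_PREFIX) for n in names):
            return "not-bcel", None
        shaded = any(n.endswith(".class") and not n.startswith(BCEL_CLASS_PREFIX) for n in names)
        version = manifest_version(jar)
        if shaded or version is None:
            return "unknown", version
        return ("vulnerable" if is_vulnerable(version) else "fixed"), version


def scan(root: str) -> List[Tuple[str, str, Optional[str]]]:
    """Walk a directory tree (e.g. an application's lib/) and report every jar
    that carries BCEL classes; unreadable archives are reported, not skipped."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in sorted(files):
            if not name.endswith(".jar"):
                continue
            path = os.path.join(dirpath, name)
            try:
                verdict, version = assess_jar(path)
            except zipfile.BadZipFile:
                verdict, version = "unreadable", None
            if verdict != "not-bcel":
                findings.append((path, verdict, version))
    return findings


def build_sample_jar(path: str, version: str, shaded: bool = False) -> str:
    """Constructed fixture, not a real BCEL release: a jar with the BCEL package
    path, a manifest carrying the given version and, optionally, host classes."""
    manifest = f"Manifest-Version: 1.0\nImplementation-Version: {version}\n\n"
    with zipfile.ZipFile(path, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", manifest)
        jar.writestr(BCEL_CLASS_PREFIX + "Const.class", b"\xca\xfe\xba\xbe")  # placeholder bytes
        if shaded:
            jar.writestr("com/example/app/Main.class", b"\xca\xfe\xba\xbe")
    return path


def demo() -> Dict[str, str]:
    """Build three constructed jars in a temporary directory; return {file name: verdict}."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_jar(os.path.join(tmp, "bcel-6.5.0.jar"), "6.5.0")
        build_sample_jar(os.path.join(tmp, "bcel-6.6.0.jar"), "6.6.0")
        build_sample_jar(os.path.join(tmp, "app-all.jar"), "1.0.0", shaded=True)
        return {os.path.basename(p): verdict for p, verdict, _ in scan(tmp)}


if __name__ == "__main__":
    if len(sys.argv) > 1:
        for path, verdict, version in scan(sys.argv[1]):
            print(f"{verdict:<10} {version or '-':<10} {path}")
    else:
        print(demo())
```

Run it as `python bcel_check.py /path/to/app/lib`; with no argument it scans the constructed fixtures. A verdict of `unknown` means BCEL classes were found inside another artifact, so the fixed-or-not question has to be settled from that artifact's own build metadata rather than from the manifest. The version comparison is numeric on purpose: a string comparison would treat 6.10.0 as older than 6.6.0 and report a patched build as vulnerable.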

Fix

Memory Corruption

Weakness Enumeration

Related Identifiers

ALSA-2023:0005
ALT-PU-2024-16391
ALT-PU-2024-16424
ALT-PU-2024-16692
BDU:2024-02279
CESA-2022:8958
CVE-2022-42920
GHSA-97XG-PHPR-RG8Q
INFSA-2023:0005
OPENSUSE-SU-2022:4306-1
OPENSUSE-SU-2024:12498-1
OPENSUSE-SU-2024:12530-1
RHSA-2022:8958
RHSA-2022:8959
RHSA-2023:0004
RHSA-2023:0005
RLSA-2023:0005
SUSE-SU-2022:4306-1
SUSE-SU-2022:4331-1
USN-7208-1

Affected Products

Alt Linux
Almalinux
Apache Commons Bcel
Astra Linux
Centos
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu