CVE-2024-23082

Name of the Vulnerable Software and Affected Versions ThreeTen Backport version 1.6.8

Description The issue is related to an integer overflow in the org.threeten.bp.format.DateTimeFormatter::parse(CharSequence, ParsePosition) component. However, it is noted that the existence of this issue is disputed by multiple third parties, suggesting that the evidence may not be sufficient to confirm the vulnerability.

Recommendations For ThreeTen Backport version 1.6.8, consider restricting the use of the org.threeten.bp.format.DateTimeFormatter::parse(CharSequence, ParsePosition) component until further clarification on the issue is provided. At the moment, there is no information about a newer version that contains a fix for this vulnerability.