[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2022-42920Date: (C)2022-11-08   (M)2024-01-26


Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to produce arbitrary bytecode. This could be abused in applications that pass attacker-controllable data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected. Update to Apache Commons BCEL 6.6.0.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 9.8CVSS Score :
Exploit Score: 3.9Exploit Score:
Impact Score: 5.9Impact Score:
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector:
Attack Complexity: LOWAccess Complexity:
Privileges Required: NONEAuthentication:
User Interaction: NONEConfidentiality:
Scope: UNCHANGEDIntegrity:
Confidentiality: HIGHAvailability:
Integrity: HIGH 
Availability: HIGH 
  
Reference:
FEDORA-2022-01a56f581c
FEDORA-2022-0e358addb8
FEDORA-2022-f60a52e054
GLSA-202401-25
http://www.openwall.com/lists/oss-security/2022/11/07/2
https://lists.apache.org/thread/lfxk7q8qmnh5bt9jm6nmjlv5hsxjhrz4

CWE    1
CWE-787
OVAL    17
oval:org.secpod.oval:def:5800033
oval:org.secpod.oval:def:2600122
oval:org.secpod.oval:def:1601615
oval:org.secpod.oval:def:507430
...

© SecPod Technologies