CVE-2022-42920 — Out-of-bounds Write in Software Foundation Apache Commons Bcel
Severity
9.8CRITICALNVD
EPSS
3.8%
top 11.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedNov 7
Latest updateJan 16
Description
Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to produce arbitrary bytecode. This could be abused in applications that pass attacker-controllable data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected. Update to Apache Commons BCEL 6.6.0.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9
Affected Packages4 packages
Also affects: Fedora 35, 36, 37
🔴Vulnerability Details
3📋Vendor Advisories
8Oracle▶
Oracle Oracle Enterprise Manager Risk Matrix: Load Testing for Web Apps (Apache Commons BCEL) — CVE-2022-42920↗2024-04-15
Oracle▶
Oracle Oracle Communications Applications Risk Matrix: Order and Service Management (Apache Commons BCEL) — CVE-2022-42920↗2024-01-15
Oracle▶
Oracle Oracle Communications Applications Risk Matrix: Print Preview (Apache Commons BCEL) — CVE-2022-42920↗2023-10-15
Oracle▶
Oracle Oracle Fusion Middleware Risk Matrix: General (Apache Commons BCEL) — CVE-2022-42920↗2023-07-15