  1. Migration Toolkit for Applications
  2. MTA-92

CVE-2022-42920 org.jboss.windup.plugin-windup-maven-plugin-parent: Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing [mta-6.0]


    Description

      Security Tracking Issue

      Do not make this issue public.

      Impact: Important
      Reported Date: 07-Nov-2022
      Resolve Bug By: 28-Nov-2022

      In case the dates above are already past, please evaluate this bug in your next prioritization review and make a decision then.

      Please see the Security Errata Policy for further details: https://docs.engineering.redhat.com/x/9kKpDw

      Flaw:


      CVE-2022-42920 Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing
      https://bugzilla.redhat.com/show_bug.cgi?id=2142707

      Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to produce arbitrary bytecode. This could be abused in applications that pass attacker-controllable data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected. Update to Apache Commons BCEL 6.6.0.
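
Because the fix is a version bump, triage starts with finding where an older BCEL enters the build. The following is an added example, not part of the original issue or the project's code: it scans `mvn dependency:tree` output for BCEL below 6.6.0 and reports the chain of dependencies that pulls it in. It assumes the standard `org.apache.bcel:bcel` coordinates (shaded or repackaged copies are not detected), and the sample tree is constructed.

```python
import re

BCEL = ("org.apache.bcel", "bcel")  # assumed Maven coordinates of Commons BCEL
FIXED = (6, 6, 0)                   # fixed release named in the flaw text

# Constructed sample of `mvn dependency:tree` output (not from the real project).
SAMPLE_TREE = "\n".join([
    "[INFO] com.example:demo-app:jar:1.0.0",
    "[INFO] +- com.example:analysis-lib:jar:2.3.0:compile",
    "[INFO] |  \\- org.apache.bcel:bcel:jar:6.5.0:compile",
    "[INFO] \\- org.apache.commons:commons-lang3:jar:3.12.0:compile",
])

def parse_version(text):
    """Leading numeric components as a 3-tuple, or None if there are none."""
    m = re.match(r"\d+(?:\.\d+)*", text)
    if not m:
        return None
    parts = [int(p) for p in m.group().split(".")][:3]
    return tuple(parts + [0] * (3 - len(parts)))

def find_vulnerable_bcel(tree_output):
    """Return (version, path) for every BCEL entry older than FIXED.

    path is the chain of coordinates from the project root down to BCEL,
    which shows the dependency that pulls it in.
    """
    findings, stack = [], []
    for raw in tree_output.splitlines():
        line = re.sub(r"^\[INFO\] ", "", raw)
        m = re.match(r"([|\\+\- ]*)([\w.\-]+(?::[\w.\-]+){3,5})", line)
        if not m:
            continue
        depth = len(m.group(1)) // 3      # the tree indents 3 columns per level
        del stack[depth:]                 # drop siblings and deeper entries
        stack.append(m.group(2))
        fields = m.group(2).split(":")
        if tuple(fields[:2]) != BCEL:
            continue
        # group:artifact:type[:classifier]:version:scope (root has no scope)
        version = fields[-2] if len(fields) >= 5 else fields[-1]
        parsed = parse_version(version)
        if parsed is None or parsed < FIXED:   # unparseable: flag for review
            findings.append((version, list(stack)))
    return findings

if __name__ == "__main__":
    for version, path in find_vulnerable_bcel(SAMPLE_TREE):
        print(f"BCEL {version} < 6.6.0 via: " + " -> ".join(path))
```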

          People

            jortel Jeff Ortel
            ahanwate1@redhat.com Avinash Hanwate