Lucene search

K
ubuntucveUbuntu.comUB:CVE-2022-42920
HistoryNov 07, 2022 - 12:00 a.m.

CVE-2022-42920

2022-11-0700:00:00
ubuntu.com
ubuntu.com
21
apache commons bcel
out-of-bounds
arbitrary bytecode
update
security issue
unix

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.019 Low

EPSS

Percentile

88.8%

Apache Commons BCEL has a number of APIs that would normally only allow
changing specific class characteristics. However, due to an out-of-bounds
writing issue, these APIs can be used to produce arbitrary bytecode. This
could be abused in applications that pass attacker-controllable data to
those APIs, giving the attacker more control over the resulting bytecode
than otherwise expected. Update to Apache Commons BCEL 6.6.0.

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.019 Low

EPSS

Percentile

88.8%