Apache Commons BCEL is vulnerable to an out-of-bounds write. The vulnerability is due to ConstantPool.java and ConstantPoolGen.java improperly handling MAX_CP_ENTRIES, which allows an attacker to pass data to specific APIs and control the resulting bytecode, causing out-of-bounds writes.
Affected CPE entries:

Name | Operator | Version
---|---|---
apache commons bcel | le | 6.5.0
bcel | eq | 5.2__18.el7
www.openwall.com/lists/oss-security/2022/11/07/2
github.com/advisories/GHSA-97xg-phpr-rg8q
github.com/apache/commons-bcel/commit/f3267cbcc900f80851d561bdd16b239d936947f5
github.com/apache/commons-bcel/pull/147
github.com/openjdk/jdk11u/commit/13bf52c8d876528a43be7cb77a1f452d29a21492
lists.apache.org/thread/lfxk7q8qmnh5bt9jm6nmjlv5hsxjhrz4
lists.fedoraproject.org/archives/list/[email protected]/message/LX3HEB4TV2BVCGDTK5BCLSYOZNQTOBN4/
lists.fedoraproject.org/archives/list/[email protected]/message/QAMRHAKGIKZNHRBB4VLYTOIOIMMXCUCD/
lists.fedoraproject.org/archives/list/[email protected]/message/QMVX6COVXZVS5GPWDODIRW6Z2GE7RPAQ/