CVE-2022-42920: Out-of-bounds Write

November 7, 2022

Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to produce arbitrary bytecode. This could be abused in applications that pass attacker-controllable data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected. Update to Apache Commons BCEL 6.6.0.

References

github.com/advisories/GHSA-97xg-phpr-rg8q
github.com/apache/commons-bcel/pull/147
issues.apache.org/jira/browse/BCEL-363
lists.apache.org/thread/lfxk7q8qmnh5bt9jm6nmjlv5hsxjhrz4
nvd.nist.gov/vuln/detail/CVE-2022-42920

Code Behaviors & Features

Detect and mitigate CVE-2022-42920 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →