Bug 2142707 (CVE-2022-42920)
| Field | Value |
|---|---|
| Summary | CVE-2022-42920 Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing |
| Product | [Other] Security Response |
| Reporter | Chess Hazlett <chazlett> |
| Component | vulnerability |
| Assignee | Red Hat Product Security <security-response-team> |
| Status | CLOSED ERRATA |
| QA Contact | |
| Severity | high |
| Docs Contact | |
| Priority | high |
| Version | unspecified |
| CC | aileenc, alazarot, asoldano, balejosg, bbaranow, bmaxwell, boliveir, brian.stansberry, cdewolf, chazlett, darran.lofthouse, dkreling, dosoudil, emingora, etirelli, fjuma, gjospin, gmalinko, hhorak, ibek, iweiss, janstey, jorton, jpavlik, jrokos, jstastny, jwon, kverlaen, lgao, mizdebsk, mnovotny, mosmerov, msochure, msvehla, nwallace, pantinor, pdelbell, pdrozd, peholase, pjindal, pmackay, pskopek, rguimara, rrajasek, rstancel, sfowler, smaestri, snikolov, sthorger, tom.jenkinson |
| Target Milestone | --- |
| Keywords | Security |
| Target Release | --- |
| Hardware | All |
| OS | Linux |
| Whiteboard | |
| Fixed In Version | Apache Commons BCEL 6.6.0 |
| Doc Type | If docs needed, set a value |
| Doc Text | An out-of-bounds (OOB) write flaw was found in the Apache Commons BCEL API. This flaw can be used to produce arbitrary bytecode and may abuse applications that pass attacker-controlled data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected. |
| Story Points | --- |
| Clone Of | |
| Environment | |
| Last Closed | 2023-01-28 23:52:15 UTC |
| Type | --- |
| Regression | --- |
| Mount Type | --- |
| Documentation | --- |
| CRM | |
| Verified Versions | |
| Category | --- |
| oVirt Team | --- |
| RHEL 7.3 requirements from Atomic Host | |
| Cloudforms Team | --- |
| Target Upstream Version | |
| Embargoed | |
| Bug Depends On | 2142726, 2142727, 2142728, 2143230, 2143231, 2143232, 2143233, 2143510, 2143511, 2143512, 2143514 |
| Bug Blocks | 2140189 |
Description
Chess Hazlett
2022-11-15 01:42:49 UTC
Created bcel tracking bugs for this issue:
Affects: fedora-35 [bug 2142727]
Affects: fedora-36 [bug 2142728]

Created findbugs-bcel tracking bugs for this issue:
Affects: epel-7 [bug 2142726]

Commits:
https://github.com/apache/commons-bcel/commit/f3267cbcc900f80851d561bdd16b239d936947f5
https://github.com/apache/commons-bcel/commit/63919b288fe8ec5e9d0dac9e18b4a186acd76d63

Created bcel tracking bugs for this issue:
Affects: fedora-37 [bug 2143514]

This issue has been addressed in the following products:
Red Hat Software Collections for Red Hat Enterprise Linux 7
Via RHSA-2022:8959 https://access.redhat.com/errata/RHSA-2022:8959

This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2022:8958 https://access.redhat.com/errata/RHSA-2022:8958

This issue has been addressed in the following products:
Red Hat Enterprise Linux 9
Via RHSA-2023:0005 https://access.redhat.com/errata/RHSA-2023:0005

This issue has been addressed in the following products:
Red Hat Enterprise Linux 9.0 Extended Update Support
Via RHSA-2023:0004 https://access.redhat.com/errata/RHSA-2023:0004

This issue has been addressed in the following products:
Migration Toolkit for Runtimes 1 on RHEL 8
Via RHSA-2023:0471 https://access.redhat.com/errata/RHSA-2023:0471

This issue has been addressed in the following products:
Migration Toolkit for Runtimes 1 on RHEL 8
Via RHSA-2023:0470 https://access.redhat.com/errata/RHSA-2023:0470

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
https://access.redhat.com/security/cve/cve-2022-42920

This issue has been addressed in the following products:
MTA-6.0-RHEL-8
Via RHSA-2023:0934 https://access.redhat.com/errata/RHSA-2023:0934

This issue has been addressed in the following products:
Red Hat Fuse 7.12
Via RHSA-2023:3954 https://access.redhat.com/errata/RHSA-2023:3954

This issue has been addressed in the following products:
RHPAM 7.13.4 async
Via RHSA-2023:4983 https://access.redhat.com/errata/RHSA-2023:4983