Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to produce arbitrary bytecode. This could be abused in applications that pass attacker-controllable data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected. Update to Apache Commons BCEL 6.6.0.
Created bcel tracking bugs for this issue: Affects: fedora-35 [bug 2142727] Affects: fedora-36 [bug 2142728] Created findbugs-bcel tracking bugs for this issue: Affects: epel-7 [bug 2142726]
Commits: https://github.com/apache/commons-bcel/commit/f3267cbcc900f80851d561bdd16b239d936947f5 https://github.com/apache/commons-bcel/commit/63919b288fe8ec5e9d0dac9e18b4a186acd76d63
Created bcel tracking bugs for this issue: Affects: fedora-37 [bug 2143514]
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Via RHSA-2022:8959 https://access.redhat.com/errata/RHSA-2022:8959
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2022:8958 https://access.redhat.com/errata/RHSA-2022:8958
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:0005 https://access.redhat.com/errata/RHSA-2023:0005
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2023:0004 https://access.redhat.com/errata/RHSA-2023:0004
This issue has been addressed in the following products: Migration Toolkit for Runtimes 1 on RHEL 8 Via RHSA-2023:0471 https://access.redhat.com/errata/RHSA-2023:0471
This issue has been addressed in the following products: Migration Toolkit for Runtimes 1 on RHEL 8 Via RHSA-2023:0470 https://access.redhat.com/errata/RHSA-2023:0470
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-42920
This issue has been addressed in the following products: MTA-6.0-RHEL-8 Via RHSA-2023:0934 https://access.redhat.com/errata/RHSA-2023:0934
This issue has been addressed in the following products: Red Hat Fuse 7.12 Via RHSA-2023:3954 https://access.redhat.com/errata/RHSA-2023:3954
This issue has been addressed in the following products: RHPAM 7.13.4 async Via RHSA-2023:4983 https://access.redhat.com/errata/RHSA-2023:4983