CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.009 Low
Percentile: 81.0%

Apache Commons BCEL is vulnerable to an out-of-bounds write. The vulnerability is due to ConstantPool.java and ConstantPoolGen.java improperly handling MAX_CP_ENTRIES, which allows an attacker to pass data to specific APIs and control the resulting bytecode, causing out-of-bounds writes.

Name | Operator | Version |
---|---|---|
apache commons bcel | le | 6.5.0 |
bcel | eq | 5.2__18.el7 |

www.openwall.com/lists/oss-security/2022/11/07/2
github.com/advisories/GHSA-97xg-phpr-rg8q
github.com/apache/commons-bcel/commit/f3267cbcc900f80851d561bdd16b239d936947f5
github.com/apache/commons-bcel/pull/147
github.com/openjdk/jdk11u/commit/13bf52c8d876528a43be7cb77a1f452d29a21492
lists.apache.org/thread/lfxk7q8qmnh5bt9jm6nmjlv5hsxjhrz4
lists.fedoraproject.org/archives/list/[email protected]/message/LX3HEB4TV2BVCGDTK5BCLSYOZNQTOBN4/
lists.fedoraproject.org/archives/list/[email protected]/message/QAMRHAKGIKZNHRBB4VLYTOIOIMMXCUCD/
lists.fedoraproject.org/archives/list/[email protected]/message/QMVX6COVXZVS5GPWDODIRW6Z2GE7RPAQ/