OSV-2023-1326

See a problem?

Import Source

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/apache-commons-lang/OSV-2023-1326.yaml

JSON Data

https://api.osv.dev/v1/vulns/OSV-2023-1326

Published

2023-12-18T00:05:04.854273Z

Modified

2024-08-27T14:16:42.028102Z

Summary

Security exception in java.base/java.lang.reflect.Array.newArray

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65139

Crash type: Security exception
Crash state:
java.base/java.lang.reflect.Array.newArray
java.base/java.lang.reflect.Array.newInstance
java.base/java.io.ObjectInputStream.readArray

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65139

Affected packages

OSS-Fuzz / apache-commons-lang

Package

Name: apache-commons-lang
Purl: pkg:generic/apache-commons-lang

Affected ranges

Type: GIT
Repo: https://github.com/apache/commons-lang
Events: Introduced

7182f72061822cefade0a2169bc54ca51a1427e5

Fixed

b64f71df6dabe0bc144715fabc82c311cf9eb8f0

Affected versions

commons-lang-3.*

commons-lang-3.15.0-RC1

commons-lang-3.15.0-RC2

commons-lang-3.16.0-RC1

rel/commons-lang-3.*

rel/commons-lang-3.15.0

rel/commons-lang-3.16.0

Ecosystem specific

{
    "severity": "LOW"
}