OSV-2025-406

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/checkstyle/OSV-2025-406.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2025-406
Published
2025-05-27T00:01:44.628210Z
Modified
2025-05-27T00:01:44.628747Z
Summary
Security exception in com.puppycrawl.tools.checkstyle.JavaAstVisitor.getInnerBopAst
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420197344

Crash type: Security exception
Crash state:
com.puppycrawl.tools.checkstyle.JavaAstVisitor.getInnerBopAst
java.base/java.util.stream.ReferencePipeline$3$1.accept
java.base/java.util.ArrayList$ArrayListSpliterator.forEachRemaining
References

Affected packages

OSS-Fuzz / checkstyle

Package

Name
checkstyle
Purl
pkg:generic/checkstyle

Affected ranges

Type
GIT
Repo
https://github.com/checkstyle/checkstyle
Events
Introduced
2c1ac2bae208970466ad0ad270682b6ec10b46e2
Fixed
7c57dad25e53394287f9d944c1e5f225c5b21895

Ecosystem specific 

{
    "severity": "LOW"
}

Database specific

source 
"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/checkstyle/OSV-2025-406.yaml"
introduced_range 
"73a2743c539609dce2d962762e86edc4926a5270:3e4e2377141bb5301f1f0f17f754ac60416753be"
fixed_range 
"4cfc0541c6f5003f38e856246e8b6b28aa64d78a:7c57dad25e53394287f9d944c1e5f225c5b21895"