UBUNTU-CVE-2024-23082

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/CVE-2024-23082
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-23082.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2024-23082
Withdrawn
2025-06-23T15:57:36Z
Published
2024-04-08T18:15:00Z
Modified
2024-04-08T18:15:00Z
Summary
[none]
Details

** DISPUTED ** ThreeTen Backport v1.6.8 was discovered to contain an integer overflow via the component org.threeten.bp.format.DateTimeFormatter::parse(CharSequence, ParsePosition). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification.

References

Affected packages

Ubuntu:20.04:LTS / threeten-extra

Package

Name
threeten-extra
Purl
pkg:deb/ubuntu/threeten-extra

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*
1.5.0-1

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-23082.json"

Ubuntu:22.04:LTS / threeten-extra

Package

Name
threeten-extra
Purl
pkg:deb/ubuntu/threeten-extra

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*
1.5.0-1

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-23082.json"

Ubuntu:24.04:LTS / threeten-extra

Package

Name
threeten-extra
Purl
pkg:deb/ubuntu/threeten-extra

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*
1.5.0-1

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-23082.json"