exploitDog

BDU:2024-00114

Published: 11 Mar 2022
Source: fstec
CVSS3: 7.5
CVSS2: 7.8
EPSS: Low

Description

The vulnerability in the Jackson-databind library is related to a write beyond the bounds of a buffer. Exploitation of the vulnerability may allow a remote attacker to cause a denial of service.

Vendor

Red Hat Inc.
Free software community
Oracle Corp.
NetApp Inc.
Novell Inc.
АО "НППКТ"
АО «НТЦ ИТ РОСА»
FasterXML, LLC

Software name

Red Hat Enterprise Linux
Debian GNU/Linux
Primavera Unifier
OnCommand Workflow Automation
OpenShift Application Runtimes
Red Hat Single Sign-On
openSUSE Tumbleweed
PeopleSoft Enterprise PeopleTools
Red Hat BPM Suite
Oracle Coherence
Oracle SD-WAN Edge
SUSE Linux Enterprise Module for Basesystem
Oracle WebLogic Server Proxy Plug-In
Red Hat Integration Camel K
Red Hat Integration Service Registry
OpenSUSE Leap
Red Hat CodeReady Studio
Red Hat JBoss A-MQ
Red Hat JBoss BRMS
Suse Linux Enterprise Server
OpenShift Logging
Primavera Gateway
Snap Creator Framework
SUSE Linux Enterprise High Performance Computing
SUSE Linux Enterprise Server for SAP Applications
SUSE Manager Proxy
SUSE Manager Server
Suse Linux Enterprise Desktop
SUSE Enterprise Storage
SUSE Linux Enterprise Module for Development Tools
SUSE Manager Retail Branch Server
Oracle Utilities Framework
Active IQ Unified Manager for Microsoft Windows
Active IQ Unified Manager for VMware vSphere
Red Hat OpenShift Container Platform
Cloud Insights Acquisition Unit
Red Hat Integration Change Data Capture
Financial Services Analytical Applications Infrastructure
Oracle Communications Cloud Native Core Console
JBoss Enterprise Application Platform
SUSE Linux Enterprise Real Time
Communications Billing and Revenue Management
Decision Manager
Oracle Financial Services Crime and Compliance Management Studio
Oracle Big Data Spatial and Graph
ОСОН ОСнова Оnyx
Communications Cloud Native Core Binding Support Function
РОСА ХРОМ
Red Hat JBoss Enterprise Application Platform
Active IQ Unified Manager for Linux
Oracle Commerce Platform
Logging subsystem for Red Hat OpenShift
Red Hat AMQ Streams
Red Hat AMQ
Red Hat Fuse
Red Hat build of Eclipse Vert.x
Red Hat support for Spring Boot
Oracle Financial Services Enterprise Case Management
Red Hat Data Grid
RHAF Camel-K
Jackson-databind
Red Hat build of Quarkus
Red Hat Process Automation Manager
Red Hat A-MQ Online
Oracle Graph Server and Client
Spatial studio
Oracle Communications Cloud Native Core Network Repository Function
Oracle Communications Cloud Native Core Network Slice Selection Function
Oracle Communications Cloud Native Core Security Edge Protection Proxy
Oracle Communications Cloud Native Core Service Communication Proxy (SCP)
Oracle Communications Cloud Native Core Unified Data Repository
Primavera P6 Enterprise Project Portfolio Management
Financial Services Behavior Detection Platform
Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition
Oracle Global Lifecycle Management NextGen OUI Framework
Oracle Health Sciences Empirica Signal
Oracle Retail Sales Audit
SUSE Liberty Linux

Software version

8 (Red Hat Enterprise Linux)
10 (Debian GNU/Linux)
18.8 (Primavera Unifier)
- (OnCommand Workflow Automation)
- (OpenShift Application Runtimes)
7 (Red Hat Single Sign-On)
19.12 (Primavera Unifier)
- (openSUSE Tumbleweed)
from 17.7 to 17.12 inclusive (Primavera Unifier)
8.58 (PeopleSoft Enterprise PeopleTools)
6 (Red Hat BPM Suite)
14.1.1.0.0 (Oracle Coherence)
9.0 (Oracle SD-WAN Edge)
20.12 (Primavera Unifier)
15 SP3 (SUSE Linux Enterprise Module for Basesystem)
12.2.1.3.0 (Oracle WebLogic Server Proxy Plug-In)
12.2.1.4.0 (Oracle WebLogic Server Proxy Plug-In)
- (Red Hat Integration Camel K)
- (Red Hat Integration Service Registry)
15.3 (OpenSUSE Leap)
11 (Debian GNU/Linux)
12 (Debian GNU/Linux)
12 (Red Hat CodeReady Studio)
6 (Red Hat JBoss A-MQ)
6 (Red Hat JBoss BRMS)
15 SP2 LTSS (Suse Linux Enterprise Server)
5.3 (OpenShift Logging)
from 17.12.0 to 17.12.11 inclusive (Primavera Gateway)
- (Snap Creator Framework)
15.4 (OpenSUSE Leap)
15 SP3 (SUSE Linux Enterprise High Performance Computing)
15 SP3 (Suse Linux Enterprise Server)
15 SP3 (SUSE Linux Enterprise Server for SAP Applications)
4.2 (SUSE Manager Proxy)
4.2 (SUSE Manager Server)
15 SP3 (Suse Linux Enterprise Desktop)
7 (SUSE Enterprise Storage)
15 SP2 (SUSE Linux Enterprise Server for SAP Applications)
4.1 (SUSE Manager Server)
4.1 (SUSE Manager Proxy)
15 SP2-ESPOS (SUSE Linux Enterprise High Performance Computing)
15 SP2-LTSS (SUSE Linux Enterprise High Performance Computing)
15 SP3 (SUSE Linux Enterprise Module for Development Tools)
4.1 (SUSE Manager Retail Branch Server)
8.59 (PeopleSoft Enterprise PeopleTools)
4.4.0.3.0 (Oracle Utilities Framework)
4.4.0.2.0 (Oracle Utilities Framework)
4.4.0.0.0 (Oracle Utilities Framework)
- (Active IQ Unified Manager for Microsoft Windows)
- (Active IQ Unified Manager for VMware vSphere)
3.11 (Red Hat OpenShift Container Platform)
- (Cloud Insights Acquisition Unit)
15 SP4 (Suse Linux Enterprise Server)
4 (Red Hat OpenShift Container Platform)
- (Red Hat Integration Change Data Capture)
15 SP4 (Suse Linux Enterprise Desktop)
8.1.1 (Financial Services Analytical Applications Infrastructure)
15 SP2-BCL (Suse Linux Enterprise Server)
15 SP4 (SUSE Linux Enterprise Server for SAP Applications)
1.9.0 (Oracle Communications Cloud Native Core Console)
7.4 for RHEL 8 (JBoss Enterprise Application Platform)
7.4 on RHEL 7 (JBoss Enterprise Application Platform)
4.2 (SUSE Manager Retail Branch Server)
9 (Red Hat Enterprise Linux)
15 SP2 (SUSE Linux Enterprise Real Time)
4.3 (SUSE Manager Retail Branch Server)
4.3 (SUSE Manager Proxy)
4.3 (SUSE Manager Server)
15 SP4 (SUSE Linux Enterprise High Performance Computing)
7.1 (SUSE Enterprise Storage)
15 SP4 (SUSE Linux Enterprise Module for Basesystem)
15 SP4 (SUSE Linux Enterprise Module for Development Tools)
from 12.0.0.4.0 to 12.0.0.6.0 inclusive (Communications Billing and Revenue Management)
21.12 (Primavera Unifier)
4.3.0.5.0 (Oracle Utilities Framework)
4.3.0.6.0 (Oracle Utilities Framework)
7 (Decision Manager)
8.0.8.2.0 (Oracle Financial Services Crime and Compliance Management Studio)
8.0.8.3.0 (Oracle Financial Services Crime and Compliance Management Studio)
9.1 (Oracle SD-WAN Edge)
prior to 23.1 (Oracle Big Data Spatial and Graph)
prior to 2.7 (ОСОН ОСнова Оnyx)
15 SP5 (SUSE Linux Enterprise Server for SAP Applications)
15 SP5 (Suse Linux Enterprise Server)
15 SP5 (Suse Linux Enterprise Desktop)
15 SP5 (SUSE Linux Enterprise High Performance Computing)
15 SP5 (SUSE Linux Enterprise Module for Basesystem)
15 SP5 (SUSE Linux Enterprise Module for Development Tools)
22.1.3 (Communications Cloud Native Core Binding Support Function)
12.4 (РОСА ХРОМ)
7 (Red Hat JBoss Enterprise Application Platform)
- (Active IQ Unified Manager for Linux)
7.6 for RHEL 7 (Red Hat Single Sign-On)
7.6 for RHEL 8 (Red Hat Single Sign-On)
7.6 for RHEL 9 (Red Hat Single Sign-On)
11.3.2 (Oracle Commerce Platform)
5.4 (Logging subsystem for Red Hat OpenShift)
2.4.0 (Red Hat AMQ Streams)
7.5 for RHEL 7 (Red Hat Single Sign-On)
7.5 for RHEL 8 (Red Hat Single Sign-On)
7.10.0 (Red Hat AMQ)
7.6.1 (Red Hat Single Sign-On)
7.11 (Red Hat Fuse)
2.2.0 (Red Hat AMQ Streams)
4.2.7 (Red Hat build of Eclipse Vert.x)
- (Red Hat support for Spring Boot)
8.0.7.1 (Oracle Financial Services Enterprise Case Management)
8.0.7.2 (Oracle Financial Services Enterprise Case Management)
8.0.8.0 (Oracle Financial Services Enterprise Case Management)
8.0.8.1 (Oracle Financial Services Enterprise Case Management)
8.3.1 (Red Hat Data Grid)
1.8 (RHAF Camel-K)
prior to 2.12.6.1 (Jackson-databind)
from 2.13.0 to 2.13.2.1 (Jackson-databind)
2.7.6 (Red Hat build of Quarkus)
7.13.1 (Red Hat Process Automation Manager)
- (Red Hat A-MQ Online)
prior to 22.2.0 (Oracle Graph Server and Client)
prior to 22.1.0 (Spatial studio)
11.3.0 (Oracle Commerce Platform)
11.3.1 (Oracle Commerce Platform)
22.1.2 (Oracle Communications Cloud Native Core Network Repository Function)
22.2.0 (Oracle Communications Cloud Native Core Network Repository Function)
22.1.1 (Oracle Communications Cloud Native Core Network Slice Selection Function)
22.1.1 (Oracle Communications Cloud Native Core Security Edge Protection Proxy)
22.2.0 (Oracle Communications Cloud Native Core Service Communication Proxy (SCP))
22.2.0 (Oracle Communications Cloud Native Core Unified Data Repository)
from 18.8.0 to 18.8.14 inclusive (Primavera Gateway)
from 19.12.0 to 19.12.13 inclusive (Primavera Gateway)
from 20.12.0 to 20.12.8 inclusive (Primavera Gateway)
from 21.12.0 to 21.12.1 inclusive (Primavera Gateway)
from 17.12.0.0 to 17.12.20.4 inclusive (Primavera P6 Enterprise Project Portfolio Management)
from 18.8.0.0 to 18.8.25.4 inclusive (Primavera P6 Enterprise Project Portfolio Management)
from 19.12.0.0 to 19.12.19.0 inclusive (Primavera P6 Enterprise Project Portfolio Management)
from 8.0.7.0 to 8.1.0.0 inclusive (Financial Services Analytical Applications Infrastructure)
8.1.2.0 (Financial Services Analytical Applications Infrastructure)
8.1.2.1 (Financial Services Analytical Applications Infrastructure)
8.0.7.0 (Financial Services Behavior Detection Platform)
8.0.8.0 (Financial Services Behavior Detection Platform)
from 8.1.1.0 to 8.1.2.1 inclusive (Oracle Financial Services Enterprise Case Management)
8.0.7.0 (Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition)
8.0.8.0 (Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition)
up to 13.9.4.2.10 inclusive (Oracle Global Lifecycle Management NextGen OUI Framework)
14.1.1.0.0 (Oracle WebLogic Server Proxy Plug-In)
9.1.0.52 (Oracle Health Sciences Empirica Signal)
9.2.0.52 (Oracle Health Sciences Empirica Signal)
15.0.3.1 (Oracle Retail Sales Audit)
4.5.0.0.0 (Oracle Utilities Framework)
9 (SUSE Liberty Linux)

Software type

Operating system
Application software of information systems
Network software tool
Network tool

Operating systems and hardware platforms

Red Hat Inc. Red Hat Enterprise Linux 8
Free software community Debian GNU/Linux 10
Novell Inc. openSUSE Tumbleweed -
Novell Inc. OpenSUSE Leap 15.3
Free software community Debian GNU/Linux 11
Free software community Debian GNU/Linux 12
Novell Inc. Suse Linux Enterprise Server 15 SP2 LTSS
Novell Inc. OpenSUSE Leap 15.4
Novell Inc. Suse Linux Enterprise Server 15 SP3
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP3
Novell Inc. Suse Linux Enterprise Desktop 15 SP3
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP2
Novell Inc. Suse Linux Enterprise Server 15 SP4
Novell Inc. Suse Linux Enterprise Desktop 15 SP4
Novell Inc. Suse Linux Enterprise Server 15 SP2-BCL
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP4
Red Hat Inc. Red Hat Enterprise Linux 9
Novell Inc. SUSE Linux Enterprise Real Time 15 SP2
АО "НППКТ" ОСОН ОСнова Оnyx prior to 2.7
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP5
Novell Inc. Suse Linux Enterprise Server 15 SP5
Novell Inc. Suse Linux Enterprise Desktop 15 SP5
АО «НТЦ ИТ РОСА» РОСА ХРОМ 12.4
Novell Inc. SUSE Liberty Linux 9

Vulnerability severity level

High severity (CVSS 2.0 base score is 7.8)
High severity (CVSS 3.0 base score is 7.5)

Possible remediation measures

Use the vendor recommendations:
For FasterXML:
https://github.com/FasterXML/jackson-databind/issues/2816
For Debian GNU/Linux:
https://security-tracker.debian.org/tracker/CVE-2020-36518
For Red Hat Inc. software products:
https://access.redhat.com/security/cve/CVE-2020-36518
For Novell Inc. software products:
https://www.suse.com/security/cve/CVE-2020-36518.html
For NetApp Inc. software products:
https://security.netapp.com/advisory/ntap-20220506-0004/
For Oracle Corp. software products:
https://www.oracle.com/security-alerts/cpujul2022.html
https://www.oracle.com/security-alerts/cpuapr2022.html
For ОСОН ОСнова Оnyx:
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.7/
For the РОСА ХРОМ operating system:
https://abf.rosa.ru/advisories/ROSA-SA-2025-2629

Vulnerability status

Confirmed by the vendor

Exploit availability

Publicly available

Remediation information

Vulnerability fixed

Identifiers in other vulnerability description systems

EPSS: 0.0049 (percentile: 65%, Low)
CVSS3: 7.5 High
CVSS2: 7.8 High

Related vulnerabilities

CVSS3: 7.5
ubuntu
more than 3 years ago

jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.

CVSS3: 7.5
redhat
about 5 years ago

jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.

CVSS3: 7.5
nvd
more than 3 years ago

jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.

CVSS3: 7.5
debian
more than 3 years ago

jackson-databind before 2.13.0 allows a Java StackOverflow exception a ...

CVSS3: 7.5
github
more than 3 years ago

Deeply nested json in jackson-databind
