Описание
JXPath Out-of-bounds Write vulnerability
Withdrawn
This advisory has been withdrawn because the original report was found to be invalid. This link is maintained to preserve external references.
Original Description
Those using JXPath to interpret XPath may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.
Пакеты
commons-jxpath:commons-jxpath
<= 1.3
Отсутствует
Связанные уязвимости
** DISPUTED ** This record was originally reported by the oss-fuzz project who failed to consider the security context in which JXPath is intended to be used and failed to contact the JXPath maintainers prior to requesting the CVE allocation. The CVE was then allocated by Google in breach of the CNA rules. After review by the JXPath maintainers, the original report was found to be invalid.
** DISPUTED ** This record was originally reported by the oss-fuzz project who failed to consider the security context in which JXPath is intended to be used and failed to contact the JXPath maintainers prior to requesting the CVE allocation. The CVE was then allocated by Google in breach of the CNA rules. After review by the JXPath maintainers, the original report was found to be invalid.
** DISPUTED ** This record was originally reported by the oss-fuzz pro ...
Уязвимость библиотеки обработки объектных запросов JXPath, связанная с записью за границами буфера, позволяющая нарушителю вызвать отказ в обслуживании