exploitDog

CVE-2020-28491

Published: 18 Feb 2021
Source: redhat
CVSS3: 7.5

Description

This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor in all versions before 2.11.4 and in versions from 2.12.0-rc1 before 2.12.1. Unchecked allocation of a byte buffer while parsing CBOR input can cause a java.lang.OutOfMemoryError exception, i.e. a denial of service of the parsing process.
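The affected ranges above are the practical test for this CVE: a dependency tree that resolves jackson-dataformat-cbor into either range needs an upgrade to 2.11.4 or 2.12.1 (or later). The following is an added example, not code from jackson-dataformats-binary, Red Hat or this page, that encodes those two half-open ranges and checks Maven coordinates against them. The version parser handles the one edge case the ranges depend on, namely that 2.12.0-rc1 sorts before 2.12.0, so 2.12.0 itself is correctly reported as affected. The `mvn dependency:list`-style input lines are constructed for the example.

```python
"""Check Maven coordinates against the affected ranges of CVE-2020-28491.

Added example: not code from jackson-dataformats-binary or Red Hat.
Ranges are taken verbatim from the advisory description:
  [0, 2.11.4) and [2.12.0-rc1, 2.12.1)
"""
import re

AFFECTED_ARTIFACT = "com.fasterxml.jackson.dataformat:jackson-dataformat-cbor"
# Half-open ranges: lower bound inclusive, upper bound exclusive.
AFFECTED_RANGES = [("0", "2.11.4"), ("2.12.0-rc1", "2.12.1")]

# Constructed sample of `mvn dependency:list` output (group:artifact:type:version:scope).
SAMPLE_DEPENDENCY_LIST = [
    "[INFO]    com.fasterxml.jackson.core:jackson-databind:jar:2.11.3:compile",
    "[INFO]    com.fasterxml.jackson.dataformat:jackson-dataformat-cbor:jar:2.11.3:compile",
    "[INFO]    com.fasterxml.jackson.dataformat:jackson-dataformat-smile:jar:2.12.1:compile",
]

_VERSION_RE = re.compile(r"(\d+(?:\.\d+)*)(?:[-.]([A-Za-z]+)(\d*))?")


def parse_version(version):
    """Turn '2.12.0-rc1' into a sortable key.

    Numeric components compare numerically (padded to three places), and a
    pre-release suffix sorts *before* the final release of the same number,
    so parse_version('2.12.0-rc1') < parse_version('2.12.0').
    Pre-release tags are compared alphabetically, which is enough for the
    rc tags used in the advisory ranges (assumption for other tag schemes).
    """
    m = _VERSION_RE.fullmatch(version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    nums = [int(x) for x in m.group(1).split(".")]
    while len(nums) < 3:
        nums.append(0)
    if m.group(2) is None:
        pre = (1, "", 0)            # final release: sorts after any pre-release
    else:
        pre = (0, m.group(2).lower(), int(m.group(3) or 0))
    return (tuple(nums), pre)


def is_affected(coordinate, version):
    """True if group:artifact at `version` falls inside an affected range."""
    if coordinate != AFFECTED_ARTIFACT:
        return False
    key = parse_version(version)
    return any(parse_version(lo) <= key < parse_version(hi)
               for lo, hi in AFFECTED_RANGES)


def scan_dependencies(lines):
    """Return (coordinate, version) pairs from dependency-list lines that are affected."""
    findings = []
    for line in lines:
        line = line.strip()
        if line.startswith("[INFO]"):
            line = line[len("[INFO]"):].strip()
        parts = line.split(":")
        if len(parts) < 4:
            continue                      # not a group:artifact:type:version line
        coordinate = ":".join(parts[:2])
        version = parts[3]
        if is_affected(coordinate, version):
            findings.append((coordinate, version))
    return findings


if __name__ == "__main__":
    for coordinate, version in scan_dependencies(SAMPLE_DEPENDENCY_LIST):
        print(f"CVE-2020-28491: {coordinate}:{version} is affected; "
              f"upgrade to 2.11.4 or 2.12.1 (or later)")
```

The check is intentionally strict about the boundaries: 2.11.4 and 2.12.1 are the first fixed versions on their respective branches and are reported as not affected, while every 2.12.0 pre-release and the 2.12.0 final are reported as affected. Transitive dependencies matter here because jackson-dataformat-cbor is usually pulled in indirectly (for example by Elasticsearch clients, as the Red Hat report below illustrates), so run the check over the full resolved tree, not only declared dependencies.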

Report

In OpenShift Container Platform (OCP), the hive/presto/hadoop components that make up the OCP metering stack ship the vulnerable version of jackson-dataformat-cbor. Since the release of OCP 4.6 the metering product has been deprecated [1], hence the affected components are marked as wontfix. This may be fixed in the future.

In OCP 4.6 the openshift4/ose-logging-elasticsearch6 container delivers the vulnerable version of jackson-dataformat-cbor, but OCP 4.6 is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities because it is now in the Maintenance Phase of support, hence this component is marked as ooss. Since the release of OCP 4.7 this component is delivered as part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8 container).

[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated

Affected packages

Platform | Package | Status | Advisory | Release date
Red Hat OpenShift Application Runtimes | jackson-dataformat-cbor | Affected | - | -
Red Hat OpenShift Container Platform 3.11 | openshift3/ose-logging-elasticsearch5 | Will not fix | - | -
Red Hat OpenShift Container Platform 4 | openshift4/ose-logging-elasticsearch6 | Out of support scope | - | -
Red Hat OpenShift Container Platform 4 | openshift4/ose-metering-hadoop | Will not fix | - | -
Red Hat OpenShift Container Platform 4 | openshift4/ose-metering-hive | Will not fix | - | -
Red Hat OpenShift Container Platform 4 | openshift4/ose-metering-presto | Will not fix | - | -
OpenShift Logging 5.1 | openshift-logging/elasticsearch6-rhel8 | Fixed | RHSA-2022:0727 | 01.03.2022
OpenShift Logging 5.2 | openshift-logging/elasticsearch6-rhel8 | Fixed | RHSA-2022:0728 | 02.03.2022
OpenShift Logging 5.3 | openshift-logging/elasticsearch6-rhel8 | Fixed | RHSA-2022:0721 | 01.03.2022
Red Hat build of Quarkus 2.2.3 | jackson-dataformat-cbor | Fixed | RHSA-2021:3880 | 20.10.2021

Additional information

Status (Red Hat impact rating): Moderate
Weakness: CWE-400
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1930423
Bug title: jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception

CVSS3: 7.5 (High)

Related vulnerabilities

CVSS3: 7.5
ubuntu
almost 5 years ago

This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception.

CVSS3: 7.5
nvd
almost 5 years ago

This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception.

CVSS3: 7.5
debian
almost 5 years ago

This affects the package com.fasterxml.jackson.dataformat:jackson-data ...

CVSS3: 7.5
github
about 4 years ago

Denial of Service (DoS) in Jackson Dataformat CBOR

CVSS3: 7.5
fstec
almost 5 years ago

Vulnerability in the com.fasterxml.jackson.dataformat:jackson-dataformat-cbor package of the jackson-dataformats-binary library that allows an attacker to cause a denial of service