CVE-2022-40149

Опубликовано: 20 сент. 2022

Источник: redhat

CVSS3: 7.5

EPSS Низкий

Описание

Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.

A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.

Затронутые пакеты

Платформа	Пакет	Состояние
A-MQ Clients 2	jettison	Not affected
Logging Subsystem for Red Hat OpenShift	openshift-logging/elasticsearch6-rhel8	Will not fix
Red Hat build of Quarkus	jettison	Will not fix
Red Hat Data Grid 8	jettison	Not affected
Red Hat Decision Manager 7	jettison	Out of support scope
Red Hat Enterprise Linux 7	jettison	Out of support scope
Red Hat Fuse 7	jettison	Will not fix
Red Hat Integration Camel K 1	jettison	Affected
Red Hat JBoss Data Grid 7	jettison	Out of support scope
Red Hat JBoss Data Virtualization 6	jettison	Out of support scope

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-121->CWE-787

https://bugzilla.redhat.com/show_bug.cgi?id=2135771jettison: parser crash by stackoverflow

EPSS

Процентиль: 66%

0.00521

Низкий

7.5 High

CVSS3

Связанные уязвимости

CVE-2022-40149

CVSS3: 6.5

ubuntu

больше 3 лет назад

CVE-2022-40149

CVSS3: 6.5

nvd

больше 3 лет назад

CVE-2022-40149

CVSS3: 6.5

debian

больше 3 лет назад

Those using Jettison to parse untrusted XML or JSON data may be vulner ...

GHSA-56h3-78gp-v83r

CVSS3: 6.5

github

больше 3 лет назад

Jettison parser crash by stackoverflow

EPSS

Процентиль: 66%

0.00521

Низкий

7.5 High

CVSS3