CVE-2022-40150

Опубликовано: 20 сент. 2022

Источник: redhat

CVSS3: 7.5

EPSS Низкий

Описание

Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by Out of memory. This effect may support a denial of service attack.

A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack.

Затронутые пакеты

Платформа	Пакет	Состояние
A-MQ Clients 2	jettison	Not affected
Logging Subsystem for Red Hat OpenShift	openshift-logging/elasticsearch6-rhel8	Fix deferred
Red Hat build of Quarkus	jettison	Fix deferred
Red Hat Data Grid 8	jettison	Not affected
Red Hat Decision Manager 7	jettison	Out of support scope
Red Hat Enterprise Linux 7	jettison	Out of support scope
Red Hat Fuse 7	jettison	Fix deferred
Red Hat Integration Camel K 1	jettison	Not affected
Red Hat JBoss Data Grid 7	jettison	Out of support scope
Red Hat JBoss Data Virtualization 6	jettison	Out of support scope

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-400

https://bugzilla.redhat.com/show_bug.cgi?id=2135770jettison: memory exhaustion via user-supplied XML or JSON data

EPSS

Процентиль: 17%

0.00055

Низкий

7.5 High

CVSS3

Связанные уязвимости

CVE-2022-40150

CVSS3: 6.5

ubuntu

больше 3 лет назад

CVE-2022-40150

CVSS3: 6.5

nvd

больше 3 лет назад

CVE-2022-40150

CVSS3: 6.5

debian

больше 3 лет назад

Those using Jettison to parse untrusted XML or JSON data may be vulner ...

GHSA-x27m-9w8j-5vcw

CVSS3: 7.5

github

больше 3 лет назад

Jettison memory exhaustion

EPSS

Процентиль: 17%

0.00055

Низкий

7.5 High

CVSS3