Description
A stack overflow in Jettison before v1.5.2 allows attackers to cause a Denial of Service (DoS) via crafted JSON data.
A flaw was found in Jettison. Sending a specially crafted string can cause a stack-based buffer overflow. This issue may allow a remote attacker to cause a denial of service.
Report
Red Hat has determined the impact of this flaw to be Moderate. A successful attack using this flaw would require the processing of untrusted, unsanitized, or unrestricted user inputs, which runs counter to established Red Hat security practices.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| A-MQ Clients 2 | jettison | Not affected | | |
| Logging Subsystem for Red Hat OpenShift | openshift-logging/elasticsearch6-rhel8 | Not affected | | |
| Migration Toolkit for Applications 6 | org.keycloak-keycloak-parent | Not affected | | |
| Migration Toolkit for Runtimes | org.keycloak-keycloak-parent | Not affected | | |
| OpenShift Developer Tools and Services | jenkins-2-plugins | Affected | | |
| Red Hat build of Apache Camel for Spring Boot 3 | jettison | Affected | | |
| Red Hat Data Grid 8 | jettison | Not affected | | |
| Red Hat Decision Manager 7 | jettison | Out of support scope | | |
| Red Hat Enterprise Linux 7 | jettison | Out of support scope | | |
| Red Hat Enterprise Linux 8 | log4j:2/log4j | Not affected | | |
Additional information
Status:
EPSS
CVSS3: 7.5 High