Описание
Jettison before v1.5.2 was discovered to contain a stack overflow via the map parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.
A flaw was found in Jettison, where it is vulnerable to a denial of service caused by a stack-based buffer overflow. By sending a specially-crafted request using the map parameter, a remote attacker can cause a denial of service.
Отчет
Red Hat has determined the impact of this flaw to be Moderate; a successful attack using this flaw would require the processing of untrusted, unsanitized, or unrestricted user inputs, which runs counter to established Red Hat security practices.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| A-MQ Clients 2 | jettison | Not affected | ||
| Logging Subsystem for Red Hat OpenShift | openshift-logging/elasticsearch6-rhel8 | Not affected | ||
| Migration Toolkit for Runtimes | org.keycloak-keycloak-parent | Affected | ||
| Red Hat build of Quarkus | jettison | Not affected | ||
| Red Hat Data Grid 8 | jettison | Not affected | ||
| Red Hat Decision Manager 7 | jettison | Out of support scope | ||
| Red Hat Enterprise Linux 7 | jettison | Out of support scope | ||
| Red Hat Enterprise Linux 8 | log4j:2/log4j | Not affected | ||
| Red Hat Enterprise Linux 9 | log4j | Not affected | ||
| Red Hat Fuse 7 | jettison | Out of support scope |
Показывать по
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
Jettison before v1.5.2 was discovered to contain a stack overflow via the map parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.
Jettison before v1.5.2 was discovered to contain a stack overflow via the map parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.
Jettison before v1.5.2 was discovered to contain a stack overflow via ...
EPSS
7.5 High
CVSS3