CVE-2022-40150

jettison-json/jettison

on github

Published

September 16, 2022

Severity

CVSS v3:

7.5 HIGH

CVSS v2:

N/A

Description

Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by Out of memory. This effect may support a denial of service attack.

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46549
https://github.com/jettison-json/jettison/issues/45
https://lists.debian.org/debian-lts-announce/2022/12/msg00045.html
https://www.debian.org/security/2023/dsa-5312

Configurations

CPE23	Version Start	Version End	Exact Version
cpe:2.3:a:jettison_project:jettison::::::::	n/a	1.4.0 (including)	*
cpe:2.3:o:debian:debian_linux:10.0:::::::*	n/a	n/a	10.0
cpe:2.3:o:debian:debian_linux:11.0:::::::*	n/a	n/a	11.0

External Links

NVD - CVE-2022-40150