
CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown.

References:
• https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911
• https://access.redhat.com/security/cve/CVE-2023-1436
• https://bugzilla.redhat.com/show_bug.cgi?id=2182788

CWE-674: Uncontrolled Recursion

CVSS: 7.5 • EPSS: 0% • CPEs: 3 • EXPL: 1

Jettison before v1.5.2 was discovered to contain a stack overflow via the map parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string. A flaw was found in Jettison, where it is vulnerable to a denial of service caused by a stack-based buffer overflow.

References:
• https://github.com/jettison-json/jettison/issues/52
• https://lists.debian.org/debian-lts-announce/2022/12/msg00045.html
• https://www.debian.org/security/2023/dsa-5312
• https://access.redhat.com/security/cve/CVE-2022-45693
• https://bugzilla.redhat.com/show_bug.cgi?id=2155970

CWE-787: Out-of-bounds Write

CVSS: 7.5 • EPSS: 0% • CPEs: 3 • EXPL: 1

A stack overflow in Jettison before v1.5.2 allows attackers to cause a Denial of Service (DoS) via crafted JSON data. A flaw was found in Jettison. Sending a specially crafted string can cause a stack-based buffer overflow. This issue may allow a remote attacker to cause a denial of service.

References:
• https://github.com/jettison-json/jettison/issues/54
• https://lists.debian.org/debian-lts-announce/2022/12/msg00045.html
• https://www.debian.org/security/2023/dsa-5312
• https://access.redhat.com/security/cve/CVE-2022-45685
• https://bugzilla.redhat.com/show_bug.cgi?id=2214825

CWE-787: Out-of-bounds Write

CVSS: 7.5 • EPSS: 0% • CPEs: 3 • EXPL: 0

Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service (DoS) attacks. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash with a stack overflow. This effect may support a denial of service attack.

References:
• https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46538
• https://github.com/jettison-json/jettison/issues/45
• https://lists.debian.org/debian-lts-announce/2022/11/msg00011.html
• https://www.debian.org/security/2023/dsa-5312
• https://access.redhat.com/security/cve/CVE-2022-40149
• https://bugzilla.redhat.com/show_bug.cgi?id=2135771

CWE-121: Stack-based Buffer Overflow
CWE-787: Out-of-bounds Write

CVSS: 7.5 • EPSS: 0% • CPEs: 3 • EXPL: 0

Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service (DoS) attacks. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash by running out of memory. This effect may support a denial of service attack.

References:
• https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46549
• https://github.com/jettison-json/jettison/issues/45
• https://lists.debian.org/debian-lts-announce/2022/12/msg00045.html
• https://www.debian.org/security/2023/dsa-5312
• https://access.redhat.com/security/cve/CVE-2022-40150
• https://bugzilla.redhat.com/show_bug.cgi?id=2135770

CWE-400: Uncontrolled Resource Consumption
CWE-674: Uncontrolled Recursion