CVE-2022-40152 – Stack Buffer Overflow in Woodstox

https://notcve.org/view.php?id=CVE-2022-40152

16 Sep 2022 — Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks (DOS) if DTD support is enabled. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack. Los que usan Xstream para seralizar datos XML pueden ser vulnerables a ataques de Denegación de Servicio (DOS). Si el analizador es ejecutado con la entrada suministrada por el usuario, un atacante puede suminis... • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47434 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •