CVE-2022-40149
Stack Buffer Overflow in Jettison
Severity Score: -
Exploit Likelihood: -
Affected Versions: see table below
Public Exploits: 0
Exploited in Wild: -
Decision: -
Descriptions
Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service (DoS) attacks. If the parser is run on user-supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.
Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service (DoS) attacks. If the parser is run on input supplied by the user, an attacker may supply content that causes the parser to crash through a stack overflow. This effect may support a denial of service attack.
A stack-based buffer overflow vulnerability was found in Jettison, where parsing untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2022-09-07 CVE Reserved
- 2022-09-16 CVE Published
- 2024-08-03 CVE Updated
- 2024-10-26 EPSS Updated
- (no date) Exploited in Wild
- (no date) KEV Due Date
- (no date) First Exploit
CWE
- CWE-121: Stack-based Buffer Overflow
- CWE-787: Out-of-bounds Write
CAPEC
References (5)
URL | Tag | Date | Source |
---|---|---|---|
https://github.com/jettison-json/jettison/issues/45 | Issue Tracking | | |
https://lists.debian.org/debian-lts-announce/2022/11/msg00011.html | Mailing List | | |
https://www.debian.org/security/2023/dsa-5312 | | 2023-03-01 | |
https://access.redhat.com/security/cve/CVE-2022-40149 | | 2023-06-19 | |
https://bugzilla.redhat.com/show_bug.cgi?id=2135771 | | 2023-06-19 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Jettison Project | Jettison | <= 1.4.0 | - | Affected |
Debian | Debian Linux | 10.0 | - | Affected |
Debian | Debian Linux | 11.0 | - | Affected |