CVE-2022-40150
Stack Buffer Overflow in Jettison
Exploited in Wild: 0
Decision: -
Descriptions
Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service (DoS) attacks. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash with an out-of-memory error. This effect may support a denial of service attack.
Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service (DoS) attacks. If the parser is run on user-supplied input, an attacker may supply content that causes the parser to crash by running out of memory. This effect may support a denial of service attack.
A vulnerability was found in Jettison, where parsing untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash through memory exhaustion. This effect may support a denial of service attack.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2022-09-07 CVE Reserved
- 2022-09-16 CVE Published
- 2024-05-07 EPSS Updated
- 2024-08-03 CVE Updated
- Exploited in Wild: -
- KEV Due Date: -
- First Exploit: -
CWE
- CWE-400: Uncontrolled Resource Consumption
- CWE-674: Uncontrolled Recursion
References (5)
URL | Tag | Date |
---|---|---|
https://github.com/jettison-json/jettison/issues/45 | Issue Tracking | |
https://lists.debian.org/debian-lts-announce/2022/12/msg00045.html | Mailing List | |
https://www.debian.org/security/2023/dsa-5312 | | 2023-07-13 |
https://access.redhat.com/security/cve/CVE-2022-40150 | | 2023-06-19 |
https://bugzilla.redhat.com/show_bug.cgi?id=2135770 | | 2023-06-19 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Jettison Project | Jettison | <= 1.4.0 | - | Affected |
Debian | Debian Linux | 10.0 | - | Affected |
Debian | Debian Linux | 11.0 | - | Affected |