CVE-2022-40151
Stack Buffer Overflow in xstream
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Those using Xstream to seralize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.
Los que usan Xstream para seralizar datos XML pueden ser vulnerables a ataques de DenegaciĆ³n de Servicio (DOS). Si el analizador es ejecutado con la entrada suministrada por el usuario, un atacante puede suministrar contenido que cause el bloqueo del analizador por desbordamiento de pila. Este efecto puede soportar un ataque de denegaciĆ³n de servicio
A flaw was found in the XStream package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-09-07 CVE Reserved
- 2022-09-16 CVE Published
- 2024-02-28 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-121: Stack-based Buffer Overflow
- CWE-787: Out-of-bounds Write
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
https://github.com/x-stream/xstream/issues/304 | Issue Tracking |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://access.redhat.com/security/cve/CVE-2022-40151 | 2024-03-18 | |
https://bugzilla.redhat.com/show_bug.cgi?id=2134292 | 2024-03-18 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Xstream Project Search vendor "Xstream Project" | Xstream Search vendor "Xstream Project" for product "Xstream" | <= 1.4.19 Search vendor "Xstream Project" for product "Xstream" and version " <= 1.4.19" | - |
Affected
|