Lucene search
MitreCVELIST:CVE-2022-42004HistoryOct 02, 2022 - 12:00 a.m.
CVE-2022-42004
2022-10-0200:00:00
mitre
www.cve.org
3
In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.
References
bugs.chromium.org/p/oss-fuzz/issues/detail?id=50490
github.com/FasterXML/jackson-databind/commit/063183589218fec19a9293ed2f17ec53ea80ba88
github.com/FasterXML/jackson-databind/issues/3582
lists.debian.org/debian-lts-announce/2022/11/msg00035.html
security.gentoo.org/glsa/202210-21
security.netapp.com/advisory/ntap-20221118-0008/
www.debian.org/security/2022/dsa-5283
Related
atlassian
atlassian
FasterXML Vulnerability in Bitbucket Data Center and Server
2023-10-06 17:45:26
Deserialization com.fasterxml.jackson.core:jackson-databind in Jira Software Data Center and Server
2023-11-12 13:45:26
FasterXML Vulnerability in Jira Service Management Data Center and Server
2023-10-09 01:44:38
wolfi
wolfi
CVE-2022-42004 vulnerabilities
2024-05-29 03:07:31
cgr
cgr
CVE-2022-42004 vulnerabilities
2024-05-19 03:07:16
cve
cve
CVE-2022-42004
2022-10-02 05:15:09
osv
osv
Uncontrolled Resource Consumption in FasterXML jackson-databind
2022-10-03 00:00:31
CVE-2022-42004
2022-10-02 05:15:09
jackson-databind - security update
2022-11-17 00:00:00
nessus
nessus
F5 Networks BIG-IP : FasterXML vulnerability (K000132725)
2023-06-23 00:00:00
Atlassian Jira Service Management Data Center and Server < 4.20.27 / 5.4.x < 5.4.11 (JSDSERVER-14752)
2023-11-24 00:00:00
GLSA-202210-21 : FasterXML jackson-databind: Multiple vulnerabilities
2022-10-31 00:00:00
ibm
ibm
Security Bulletin: Due to use of FasterXML Jackson-databind, IBM Cloud Pak for Multicloud Management Monitoring is vulnerable to a denial of service.
2023-09-05 10:05:58
nvd
nvd
CVE-2022-42004
2022-10-02 05:15:09
veracode
veracode
Denial Of Service (DoS)
2022-10-03 04:26:32
f5
f5
K000132725 : FasterXML vulnerability CVE-2022-42004
2023-03-22 00:00:00
github
github
Uncontrolled Resource Consumption in FasterXML jackson-databind
2022-10-03 00:00:31
debiancve
debiancve
CVE-2022-42004
2022-10-02 05:15:09
ubuntucve
ubuntucve
CVE-2022-42004
2022-10-02 00:00:00
broadcom
broadcom
prion
prion
Deserialization of untrusted data
2022-10-02 05:15:00
redhatcve
redhatcve
CVE-2022-42004
2022-10-17 07:01:06
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2022:3995-1)
2022-11-16 00:00:00
Mageia: Security Advisory (MGASA-2024-0069)
2024-03-18 00:00:00
Debian: Security Advisory (DSA-5283-1)
2022-11-18 00:00:00
gentoo
gentoo
FasterXML jackson-databind: Multiple vulnerabilities
2022-10-31 00:00:00
debian
debian
[SECURITY] [DLA 3207-1] jackson-databind security update
2022-11-27 18:53:52
[SECURITY] [DSA 5283-1] jackson-databind security update
2022-11-17 11:17:07
mageia
mageia
Updated jackson-databind packages fix security vulnerabilities
2024-03-16 19:28:17
redhat
redhat
freebsd
freebsd
cassandra3 -- multiple vulnerabilities
2023-01-11 00:00:00
rocky
rocky
Satellite 6.13 Release
2023-05-05 15:39:58
oracle
oracle
Oracle Critical Patch Update Advisory - October 2023
2023-10-17 00:00:00
Oracle Critical Patch Update Advisory - January 2024
2024-01-16 00:00:00
Oracle Critical Patch Update Advisory - January 2023
2023-01-17 00:00:00