Lucene search
F5F5:K00994461HistoryAug 29, 2022 - 12:00 a.m.
K00994461: GSON vulnerability CVE-2022-25647
2022-08-2900:00:00
my.f5.com
36
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
7.7 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H
7.5 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
65.0%
Security Advisory Description
The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks. (CVE-2022-25647)
Impact
Traffic is disrupted for new client connections. This vulnerability allows a remote, authenticated attacker to cause a denial-of-service (DoS) on the BIG-IP system specific to the iAppsLX service, and the BIG-IQ system specific to the iControl REST framework. There is no data plane exposure; this is a control plane issue only.
Affected configurations
Node
f5big-ip_nextMatch1.5.0
ORf5big-ipMatch13.1.0
ORf5big-ipMatch13.1.1
ORf5big-ipMatch13.1.3
ORf5big-ipMatch13.1.4
ORf5big-ipMatch13.1.5
ORf5big-ipMatch14.1.0
ORf5big-ipMatch14.1.2
ORf5big-ipMatch14.1.3
ORf5big-ipMatch14.1.4
ORf5big-ipMatch14.1.5
ORf5big-ipMatch15.1.0
ORf5big-ipMatch15.1.1
ORf5big-ipMatch15.1.10
ORf5big-ipMatch15.1.2
ORf5big-ipMatch15.1.3
ORf5big-ipMatch15.1.4
ORf5big-ipMatch15.1.5
ORf5big-ipMatch15.1.6
ORf5big-ipMatch15.1.7
ORf5big-ipMatch15.1.8
ORf5big-ipMatch15.1.9
ORf5big-ip_afmMatch13.1.0
ORf5big-ip_afmMatch13.1.1
ORf5big-ip_afmMatch13.1.3
ORf5big-ip_afmMatch13.1.4
ORf5big-ip_afmMatch13.1.5
ORf5big-ip_afmMatch14.1.0
ORf5big-ip_afmMatch14.1.2
ORf5big-ip_afmMatch14.1.3
ORf5big-ip_afmMatch14.1.4
ORf5big-ip_afmMatch14.1.5
ORf5big-ip_afmMatch15.1.0
ORf5big-ip_afmMatch15.1.1
ORf5big-ip_afmMatch15.1.10
ORf5big-ip_afmMatch15.1.2
ORf5big-ip_afmMatch15.1.3
ORf5big-ip_afmMatch15.1.4
ORf5big-ip_afmMatch15.1.5
ORf5big-ip_afmMatch15.1.6
ORf5big-ip_afmMatch15.1.7
ORf5big-ip_afmMatch15.1.8
ORf5big-ip_afmMatch15.1.9
ORf5big-ip_afmMatch16.1.0
ORf5big-ip_afmMatch16.1.1
ORf5big-ip_afmMatch16.1.2
ORf5big-ip_afmMatch16.1.3
ORf5big-ip_afmMatch16.1.4
ORf5big-ip_afmMatch17.0.0
ORf5big-ip_afmMatch17.1.0
ORf5big-ip_afmMatch17.1.1
ORf5big-ip_analyticsMatch13.1.0
ORf5big-ip_analyticsMatch13.1.1
ORf5big-ip_analyticsMatch13.1.3
ORf5big-ip_analyticsMatch13.1.4
ORf5big-ip_analyticsMatch13.1.5
ORf5big-ip_analyticsMatch14.1.0
ORf5big-ip_analyticsMatch14.1.2
ORf5big-ip_analyticsMatch14.1.3
ORf5big-ip_analyticsMatch14.1.4
ORf5big-ip_analyticsMatch14.1.5
ORf5big-ip_analyticsMatch15.1.0
ORf5big-ip_analyticsMatch15.1.1
ORf5big-ip_analyticsMatch15.1.10
ORf5big-ip_analyticsMatch15.1.2
ORf5big-ip_analyticsMatch15.1.3
ORf5big-ip_analyticsMatch15.1.4
ORf5big-ip_analyticsMatch15.1.5
ORf5big-ip_analyticsMatch15.1.6
ORf5big-ip_analyticsMatch15.1.7
ORf5big-ip_analyticsMatch15.1.8
ORf5big-ip_analyticsMatch15.1.9
ORf5big-ip_analyticsMatch16.1.0
ORf5big-ip_analyticsMatch16.1.1
ORf5big-ip_analyticsMatch16.1.2
ORf5big-ip_analyticsMatch16.1.3
ORf5big-ip_analyticsMatch16.1.4
ORf5big-ip_analyticsMatch17.0.0
ORf5big-ip_analyticsMatch17.1.0
ORf5big-ip_analyticsMatch17.1.1
ORf5big-ip_apmMatch13.1.0
ORf5big-ip_apmMatch13.1.1
ORf5big-ip_apmMatch13.1.3
ORf5big-ip_apmMatch13.1.4
ORf5big-ip_apmMatch13.1.5
ORf5big-ip_apmMatch14.1.0
ORf5big-ip_apmMatch14.1.2
ORf5big-ip_apmMatch14.1.3
ORf5big-ip_apmMatch14.1.4
ORf5big-ip_apmMatch14.1.5
ORf5big-ip_apmMatch15.1.0
ORf5big-ip_apmMatch15.1.1
ORf5big-ip_apmMatch15.1.10
ORf5big-ip_apmMatch15.1.2
ORf5big-ip_apmMatch15.1.3
ORf5big-ip_apmMatch15.1.4
ORf5big-ip_apmMatch15.1.5
ORf5big-ip_apmMatch15.1.6
ORf5big-ip_apmMatch15.1.7
ORf5big-ip_apmMatch15.1.8
ORf5big-ip_apmMatch15.1.9
ORf5big-ip_apmMatch16.1.0
ORf5big-ip_apmMatch16.1.1
ORf5big-ip_apmMatch16.1.2
ORf5big-ip_apmMatch16.1.3
ORf5big-ip_apmMatch16.1.4
ORf5big-ip_apmMatch17.0.0
ORf5big-ip_apmMatch17.1.0
ORf5big-ip_apmMatch17.1.1
ORf5big-ip_asmMatch13.1.0
ORf5big-ip_asmMatch13.1.1
ORf5big-ip_asmMatch13.1.3
ORf5big-ip_asmMatch13.1.4
ORf5big-ip_asmMatch13.1.5
ORf5big-ip_asmMatch14.1.0
ORf5big-ip_asmMatch14.1.2
ORf5big-ip_asmMatch14.1.3
ORf5big-ip_asmMatch14.1.4
ORf5big-ip_asmMatch14.1.5
ORf5big-ip_asmMatch15.1.0
ORf5big-ip_asmMatch15.1.1
ORf5big-ip_asmMatch15.1.10
ORf5big-ip_asmMatch15.1.2
ORf5big-ip_asmMatch15.1.3
ORf5big-ip_asmMatch15.1.4
ORf5big-ip_asmMatch15.1.5
ORf5big-ip_asmMatch15.1.6
ORf5big-ip_asmMatch15.1.7
ORf5big-ip_asmMatch15.1.8
ORf5big-ip_asmMatch15.1.9
ORf5big-ip_asmMatch16.1.0
ORf5big-ip_asmMatch16.1.1
ORf5big-ip_asmMatch16.1.2
ORf5big-ip_asmMatch16.1.3
ORf5big-ip_asmMatch16.1.4
ORf5big-ip_asmMatch17.0.0
ORf5big-ip_asmMatch17.1.0
ORf5big-ip_asmMatch17.1.1
ORf5big-ip_dnsMatch13.1.0
ORf5big-ip_dnsMatch13.1.1
ORf5big-ip_dnsMatch13.1.3
ORf5big-ip_dnsMatch13.1.4
ORf5big-ip_dnsMatch13.1.5
ORf5big-ip_dnsMatch14.1.0
ORf5big-ip_dnsMatch14.1.2
ORf5big-ip_dnsMatch14.1.3
ORf5big-ip_dnsMatch14.1.4
ORf5big-ip_dnsMatch14.1.5
ORf5big-ip_dnsMatch15.1.0
ORf5big-ip_dnsMatch15.1.1
ORf5big-ip_dnsMatch15.1.10
ORf5big-ip_dnsMatch15.1.2
ORf5big-ip_dnsMatch15.1.3
ORf5big-ip_dnsMatch15.1.4
ORf5big-ip_dnsMatch15.1.5
ORf5big-ip_dnsMatch15.1.6
ORf5big-ip_dnsMatch15.1.7
ORf5big-ip_dnsMatch15.1.8
ORf5big-ip_dnsMatch15.1.9
ORf5big-ip_dnsMatch16.1.0
ORf5big-ip_dnsMatch16.1.1
ORf5big-ip_dnsMatch16.1.2
ORf5big-ip_dnsMatch16.1.3
ORf5big-ip_dnsMatch16.1.4
ORf5big-ip_dnsMatch17.0.0
ORf5big-ip_dnsMatch17.1.0
ORf5big-ip_dnsMatch17.1.1
ORf5big-ipMatch13.1.0
ORf5big-ipMatch13.1.1
ORf5big-ipMatch13.1.3
ORf5big-ipMatch13.1.4
ORf5big-ipMatch13.1.5
ORf5big-ipMatch14.1.0
ORf5big-ipMatch14.1.2
ORf5big-ipMatch14.1.3
ORf5big-ipMatch14.1.4
ORf5big-ipMatch14.1.5
ORf5big-ipMatch15.1.0
ORf5big-ipMatch15.1.1
ORf5big-ipMatch15.1.10
ORf5big-ipMatch15.1.2
ORf5big-ipMatch15.1.3
ORf5big-ipMatch15.1.4
ORf5big-ipMatch15.1.5
ORf5big-ipMatch15.1.6
ORf5big-ipMatch15.1.7
ORf5big-ipMatch15.1.8
ORf5big-ipMatch15.1.9
ORf5big-ipMatch16.1.0
ORf5big-ipMatch16.1.1
ORf5big-ipMatch16.1.2
ORf5big-ipMatch16.1.3
ORf5big-ipMatch16.1.4
ORf5big-ipMatch17.0.0
ORf5big-ipMatch17.1.0
ORf5big-ipMatch17.1.1
ORf5big-ip_link_controllerMatch13.1.0
ORf5big-ip_link_controllerMatch13.1.1
ORf5big-ip_link_controllerMatch13.1.3
ORf5big-ip_link_controllerMatch13.1.4
ORf5big-ip_link_controllerMatch13.1.5
ORf5big-ip_link_controllerMatch14.1.0
ORf5big-ip_link_controllerMatch14.1.2
ORf5big-ip_link_controllerMatch14.1.3
ORf5big-ip_link_controllerMatch14.1.4
ORf5big-ip_link_controllerMatch14.1.5
ORf5big-ip_link_controllerMatch15.1.0
ORf5big-ip_link_controllerMatch15.1.1
ORf5big-ip_link_controllerMatch15.1.10
ORf5big-ip_link_controllerMatch15.1.2
ORf5big-ip_link_controllerMatch15.1.3
ORf5big-ip_link_controllerMatch15.1.4
ORf5big-ip_link_controllerMatch15.1.5
ORf5big-ip_link_controllerMatch15.1.6
ORf5big-ip_link_controllerMatch15.1.7
ORf5big-ip_link_controllerMatch15.1.8
ORf5big-ip_link_controllerMatch15.1.9
ORf5big-ip_link_controllerMatch16.1.0
ORf5big-ip_link_controllerMatch16.1.1
ORf5big-ip_link_controllerMatch16.1.2
ORf5big-ip_link_controllerMatch16.1.3
ORf5big-ip_link_controllerMatch16.1.4
ORf5big-ip_link_controllerMatch17.0.0
ORf5big-ip_link_controllerMatch17.1.0
ORf5big-ip_link_controllerMatch17.1.1
ORf5big-ip_ltmMatch13.1.0
ORf5big-ip_ltmMatch13.1.1
ORf5big-ip_ltmMatch13.1.3
ORf5big-ip_ltmMatch13.1.4
ORf5big-ip_ltmMatch13.1.5
ORf5big-ip_ltmMatch14.1.0
ORf5big-ip_ltmMatch14.1.2
ORf5big-ip_ltmMatch14.1.3
ORf5big-ip_ltmMatch14.1.4
ORf5big-ip_ltmMatch14.1.5
ORf5big-ip_ltmMatch15.1.0
ORf5big-ip_ltmMatch15.1.1
ORf5big-ip_ltmMatch15.1.10
ORf5big-ip_ltmMatch15.1.2
ORf5big-ip_ltmMatch15.1.3
ORf5big-ip_ltmMatch15.1.4
ORf5big-ip_ltmMatch15.1.5
ORf5big-ip_ltmMatch15.1.6
ORf5big-ip_ltmMatch15.1.7
ORf5big-ip_ltmMatch15.1.8
ORf5big-ip_ltmMatch15.1.9
ORf5big-ip_ltmMatch16.1.0
ORf5big-ip_ltmMatch16.1.1
ORf5big-ip_ltmMatch16.1.2
ORf5big-ip_ltmMatch16.1.3
ORf5big-ip_ltmMatch16.1.4
ORf5big-ip_ltmMatch17.0.0
ORf5big-ip_ltmMatch17.1.0
ORf5big-ip_ltmMatch17.1.1
ORf5big-ip_pemMatch13.1.0
ORf5big-ip_pemMatch13.1.1
ORf5big-ip_pemMatch13.1.3
ORf5big-ip_pemMatch13.1.4
ORf5big-ip_pemMatch13.1.5
ORf5big-ip_pemMatch14.1.0
ORf5big-ip_pemMatch14.1.2
ORf5big-ip_pemMatch14.1.3
ORf5big-ip_pemMatch14.1.4
ORf5big-ip_pemMatch14.1.5
ORf5big-ip_pemMatch15.1.0
ORf5big-ip_pemMatch15.1.1
ORf5big-ip_pemMatch15.1.10
ORf5big-ip_pemMatch15.1.2
ORf5big-ip_pemMatch15.1.3
ORf5big-ip_pemMatch15.1.4
ORf5big-ip_pemMatch15.1.5
ORf5big-ip_pemMatch15.1.6
ORf5big-ip_pemMatch15.1.7
ORf5big-ip_pemMatch15.1.8
ORf5big-ip_pemMatch15.1.9
ORf5big-ip_pemMatch16.1.0
ORf5big-ip_pemMatch16.1.1
ORf5big-ip_pemMatch16.1.2
ORf5big-ip_pemMatch16.1.3
ORf5big-ip_pemMatch16.1.4
ORf5big-ip_pemMatch17.0.0
ORf5big-ip_pemMatch17.1.0
ORf5big-ip_pemMatch17.1.1
ORf5f5os-aMatch1.1.1
ORf5f5os-aMatch1.2.0
ORf5f5os-cMatch1.3.0
ORf5f5os-cMatch1.3.1
ORf5f5os-cMatch1.3.2
ORf5f5os-cMatch1.5.0
ORf5big-iq_centralized_managementMatch7.1.0
ORf5big-iq_centralized_managementMatch8.0.0
ORf5big-iq_centralized_managementMatch8.1.0
ORf5big-iq_centralized_managementMatch8.2.0
ORf5big-iq_centralized_managementMatch8.3.0
ORf5big-ip_ddos_hybrid_defenderMatch14.1.0
ORf5big-ip_ddos_hybrid_defenderMatch14.1.2
ORf5big-ip_ddos_hybrid_defenderMatch15.1.0
ORf5big-ip_ddos_hybrid_defenderMatch15.1.1
ORf5big-ip_ddos_hybrid_defenderMatch16.1.0
ORf5big-ip_ddos_hybrid_defenderMatch17.0.0
ORf5ssl_orchestratorMatch14.1.0
ORf5ssl_orchestratorMatch14.1.2
ORf5ssl_orchestratorMatch14.1.4
ORf5ssl_orchestratorMatch15.1.0
ORf5ssl_orchestratorMatch15.1.1
ORf5ssl_orchestratorMatch16.1.0
ORf5ssl_orchestratorMatch16.1.1
ORf5ssl_orchestratorMatch16.1.3
ORf5ssl_orchestratorMatch17.0.0
ORf5traffix_signaling_delivery_controllerMatch5.1.0
ORf5traffix_signaling_delivery_controllerMatch5.2.0
| CPE | Name | Operator | Version |
|---|---|---|---|
| big-ip next spk | eq | 1.5.0 | |
| big-ip aam | eq | 13.1.0 | |
| big-ip aam | eq | 13.1.1 | |
| big-ip aam | eq | 13.1.3 | |
| big-ip aam | eq | 13.1.4 | |
| big-ip aam | eq | 13.1.5 | |
| big-ip aam | eq | 14.1.0 | |
| big-ip aam | eq | 14.1.2 | |
| big-ip aam | eq | 14.1.3 | |
| big-ip aam | eq | 14.1.4 |
Related
mageia
mageia
Updated google-gson packages fix security vulnerability
2022-09-21 21:15:27
osv
osv
libgoogle-gson-java - security update
2022-05-13 00:00:00
libgoogle-gson-java vulnerability
2024-03-12 15:54:06
Deserialization of Untrusted Data in Gson
2022-05-03 00:00:44
openvas
openvas
openSUSE: Security Advisory for google-gson (SUSE-SU-2022:2044-1)
2022-06-11 00:00:00
Mageia: Security Advisory (MGASA-2022-0340)
2022-09-22 00:00:00
Debian: Security Advisory (DLA-3001-1)
2022-05-14 00:00:00
ibm
ibm
Security Bulletin: Vulnerability from Google Gson affect IBM Operations Analytics - Log Analysis (CVE-2022-25647)
2023-05-19 09:31:46
nessus
nessus
F5 Networks BIG-IP : GSON vulnerability (K00994461)
2022-08-29 00:00:00
Debian DSA-5227-1 : libgoogle-gson-java - security update
2022-09-07 00:00:00
Debian DLA-3100-1 : libgoogle-gson-java - LTS security update
2022-09-07 00:00:00
suse
suse
Security update for google-gson (important)
2022-06-10 00:00:00
debian
debian
[SECURITY] [DSA 5227-1] libgoogle-gson-java security update
2022-09-07 10:22:18
[SECURITY] [DLA 3100-1] libgoogle-gson-java security update
2022-09-07 09:14:24
[SECURITY] [DLA 3001-1] libgoogle-gson-java security update
2022-05-13 21:45:43
nvd
nvd
CVE-2022-25647
2022-05-01 16:15:08
atlassian
atlassian
cve
cve
CVE-2022-25647
2022-05-01 16:15:08
cgr
cgr
CVE-2022-25647 vulnerabilities
2024-05-19 03:07:16
debiancve
debiancve
CVE-2022-25647
2022-05-01 16:15:08
ubuntucve
ubuntucve
CVE-2022-25647
2022-05-01 00:00:00
alpinelinux
alpinelinux
CVE-2022-25647
2022-05-01 16:15:08
cvelist
cvelist
CVE-2022-25647 Deserialization of Untrusted Data
2022-05-01 00:00:00
redhatcve
redhatcve
CVE-2022-25647
2022-05-02 07:38:06
broadcom
broadcom
ubuntu
ubuntu
Gson vulnerability
2024-03-12 00:00:00
wolfi
wolfi
CVE-2022-25647 vulnerabilities
2024-06-29 09:08:33
veracode
veracode
Denial Of Service (DoS)
2022-05-04 14:43:44
prion
prion
Deserialization of untrusted data
2022-05-01 16:15:00
github
github
Deserialization of Untrusted Data in Gson
2022-05-03 00:00:44
redhat
redhat
hivepro
hivepro
Critical Security Vulnerabilities Discovered in Atlassian Products
2023-09-27 10:22:43
thn
thn
High-Severity Flaws Uncovered in Atlassian Products and ISC BIND Server
2023-09-22 08:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - October 2023
2023-10-17 00:00:00
Oracle Critical Patch Update Advisory - January 2024
2024-01-16 00:00:00
Oracle Critical Patch Update Advisory - January 2023
2023-01-17 00:00:00
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
7.7 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H
7.5 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
65.0%
Related for F5:K00994461