Lucene search
GitHub Advisory DatabaseGHSA-9FWF-46G9-45RXHistorySep 17, 2022 - 12:00 a.m.
Denial of Service via stack overflow
2022-09-1700:00:41
CWE-787
GitHub Advisory Database
github.com
18
xml parser
denial of service
fasterxml/woodstox
0 Low
EPSS
Percentile
0.0%
Withdrawn
This advisory has been withdrawn because it has been found to be a duplicate. Please see the issue here for more information.
Original Despcription
Those using FasterXML/woodstox to serialise XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.
This vulnerability is only relevant for users making use of the DTD parsing functionality.
Affected configurations
Node
com.fasterxml.woodstox\woodstoxMatchcore
ORcom.fasterxml.woodstox\woodstoxMatchcore
| CPE | Name | Operator | Version |
|---|---|---|---|
| com.fasterxml.woodstox:woodstox-core | lt | 5.4.0 | |
| com.fasterxml.woodstox:woodstox-core | lt | 6.4.0 |
Related
cve
cve
CVE-2022-40154
2022-09-16 10:15:10
cvelist
cvelist
CVE-2022-40154
1976-01-01 00:00:00
osv
osv
Denial of Service via stack overflow
2022-09-17 00:00:41
redhatcve
redhatcve
CVE-2022-40154
2022-09-22 06:18:50
nvd
nvd
CVE-2022-40154
2022-09-16 10:15:10
veracode
veracode
Denial Of Service (DoS)
2022-09-19 05:18:16
debiancve
debiancve
CVE-2022-40154
2022-09-16 10:15:00
ubuntucve
ubuntucve
CVE-2022-40154
2022-09-16 00:00:00
ibm
ibm
redhat
redhat