Lucene search
PRIOn knowledge basePRION:CVE-2022-42003HistoryOct 02, 2022 - 5:15 a.m.
Code injection
2022-10-0205:15:00
PRIOn knowledge base
www.prio-n.com
20
In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.
| CPE | Name | Operator | Version |
|---|---|---|---|
| debian_linux | eq | 10.0 | |
| debian_linux | eq | 11.0 | |
| jackson-databind | ge | 2.13.0 | |
| jackson-databind | lt | 2.13.4.1 | |
| jackson-databind | lt | 2.12.7.1 | |
| quarkus | lt | 2.13.3 |
References
bugs.chromium.org/p/oss-fuzz/issues/detail?id=51020
github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33
github.com/FasterXML/jackson-databind/issues/3590
lists.debian.org/debian-lts-announce/2022/11/msg00035.html
security.gentoo.org/glsa/202210-21
security.netapp.com/advisory/ntap-20221124-0004/
www.debian.org/security/2022/dsa-5283
Related
ibm
ibm
Security Bulletin: IBM Sterling Global Mailbox is vulnerable to denial of service due to FasterXML jackson-databind (CVE-2022-42003)
2023-07-21 12:39:37
atlassian
atlassian
nvd
nvd
CVE-2022-42003
2022-10-02 05:15:09
nessus
nessus
osv
osv
CVE-2022-42003
2022-10-02 05:15:09
Uncontrolled Resource Consumption in Jackson-databind
2022-10-03 00:00:31
jackson-databind - security update
2022-11-17 00:00:00
cve
cve
CVE-2022-42003
2022-10-02 05:15:09
ubuntucve
ubuntucve
CVE-2022-42003
2022-10-02 00:00:00
broadcom
broadcom
f5
f5
K000135852 : FasterXML jackson-databind vulnerability CVE-2022-42003
2023-08-15 00:00:00
cgr
cgr
CVE-2022-42003 vulnerabilities
2024-05-19 03:07:16
veracode
veracode
Denial Of Service (DoS)
2022-10-03 10:42:53
redhatcve
redhatcve
CVE-2022-42003
2022-10-17 07:01:04
debiancve
debiancve
CVE-2022-42003
2022-10-02 05:15:09
github
github
Uncontrolled Resource Consumption in Jackson-databind
2022-10-03 00:00:31
cvelist
cvelist
CVE-2022-42003
2022-10-02 00:00:00
wolfi
wolfi
CVE-2022-42003 vulnerabilities
2024-05-29 03:07:31
redhat
redhat
(RHSA-2023:1151) Critical: Satellite 6.11.5 Async Security Update
2023-03-07 18:53:49
(RHSA-2022:9032) Important: Red Hat build of Eclipse Vert.x 4.3.4 security update
2022-12-15 12:38:08
(RHSA-2023:0261) Critical: Satellite 6.12.1 Async Security Update
2023-01-18 14:49:14
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2022:3995-1)
2022-11-16 00:00:00
Mageia: Security Advisory (MGASA-2024-0069)
2024-03-18 00:00:00
Debian: Security Advisory (DSA-5283-1)
2022-11-18 00:00:00
gentoo
gentoo
FasterXML jackson-databind: Multiple vulnerabilities
2022-10-31 00:00:00
debian
debian
[SECURITY] [DLA 3207-1] jackson-databind security update
2022-11-27 18:53:52
[SECURITY] [DSA 5283-1] jackson-databind security update
2022-11-17 11:17:07
mageia
mageia
Updated jackson-databind packages fix security vulnerabilities
2024-03-16 19:28:17
freebsd
freebsd
cassandra3 -- multiple vulnerabilities
2023-01-11 00:00:00
rocky
rocky
Satellite 6.13 Release
2023-05-05 15:39:58
hp
hp
HP Device Manager Security Updates
2023-10-20 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - October 2023
2023-10-17 00:00:00
Oracle Critical Patch Update Advisory - January 2024
2024-01-16 00:00:00
Oracle Critical Patch Update Advisory - January 2023
2023-01-17 00:00:00