Lucene search
PRIOn knowledge basePRION:CVE-2022-42004HistoryOct 02, 2022 - 5:15 a.m.
Deserialization of untrusted data
2022-10-0205:15:00
PRIOn knowledge base
www.prio-n.com
9
In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.
| CPE | Name | Operator | Version |
|---|---|---|---|
| debian_linux | eq | 10.0 | |
| debian_linux | eq | 11.0 | |
| jackson-databind | lt | 2.12.7.1 | |
| jackson-databind | ge | 2.13.0 | |
| jackson-databind | lt | 2.13.4 | |
| quarkus | lt | 2.13.0 |
References
bugs.chromium.org/p/oss-fuzz/issues/detail?id=50490
github.com/FasterXML/jackson-databind/commit/063183589218fec19a9293ed2f17ec53ea80ba88
github.com/FasterXML/jackson-databind/issues/3582
lists.debian.org/debian-lts-announce/2022/11/msg00035.html
security.gentoo.org/glsa/202210-21
security.netapp.com/advisory/ntap-20221118-0008/
www.debian.org/security/2022/dsa-5283
Related
atlassian
atlassian
FasterXML Vulnerability in Bitbucket Data Center and Server
2023-10-06 17:45:26
Deserialization com.fasterxml.jackson.core:jackson-databind in Jira Software Data Center and Server
2023-11-12 13:45:26
FasterXML Vulnerability in Bamboo Data Center and Server
2023-10-06 17:45:23
wolfi
wolfi
CVE-2022-42004 vulnerabilities
2024-05-29 03:07:31
cgr
cgr
CVE-2022-42004 vulnerabilities
2024-05-19 03:07:16
cve
cve
CVE-2022-42004
2022-10-02 05:15:09
osv
osv
Uncontrolled Resource Consumption in FasterXML jackson-databind
2022-10-03 00:00:31
CVE-2022-42004
2022-10-02 05:15:09
jackson-databind - security update
2022-11-27 00:00:00
nessus
nessus
F5 Networks BIG-IP : FasterXML vulnerability (K000132725)
2023-06-23 00:00:00
Atlassian Jira Service Management Data Center and Server < 4.20.27 / 5.4.x < 5.4.11 (JSDSERVER-14752)
2023-11-24 00:00:00
GLSA-202210-21 : FasterXML jackson-databind: Multiple vulnerabilities
2022-10-31 00:00:00
ibm
ibm
redhatcve
redhatcve
CVE-2022-42004
2022-10-17 07:01:06
debiancve
debiancve
CVE-2022-42004
2022-10-02 05:15:09
ubuntucve
ubuntucve
CVE-2022-42004
2022-10-02 00:00:00
broadcom
broadcom
veracode
veracode
Denial Of Service (DoS)
2022-10-03 04:26:32
f5
f5
K000132725 : FasterXML vulnerability CVE-2022-42004
2023-03-22 00:00:00
cvelist
cvelist
CVE-2022-42004
2022-10-02 00:00:00
nvd
nvd
CVE-2022-42004
2022-10-02 05:15:09
github
github
Uncontrolled Resource Consumption in FasterXML jackson-databind
2022-10-03 00:00:31
gentoo
gentoo
FasterXML jackson-databind: Multiple vulnerabilities
2022-10-31 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2022:3995-1)
2022-11-16 00:00:00
Mageia: Security Advisory (MGASA-2024-0069)
2024-03-18 00:00:00
Debian: Security Advisory (DSA-5283-1)
2022-11-18 00:00:00
debian
debian
[SECURITY] [DLA 3207-1] jackson-databind security update
2022-11-27 18:53:52
[SECURITY] [DSA 5283-1] jackson-databind security update
2022-11-17 11:17:07
mageia
mageia
Updated jackson-databind packages fix security vulnerabilities
2024-03-16 19:28:17
redhat
redhat
(RHSA-2022:9032) Important: Red Hat build of Eclipse Vert.x 4.3.4 security update
2022-12-15 12:38:08
(RHSA-2023:0713) Important: Red Hat Data Grid 8.4.1 security update
2023-02-09 11:33:55
(RHSA-2023:0471) Important: Migration Toolkit for Runtimes security update
2023-01-26 12:13:39
freebsd
freebsd
cassandra3 -- multiple vulnerabilities
2023-01-11 00:00:00
rocky
rocky
Satellite 6.13 Release
2023-05-05 15:39:58
oracle
oracle
Oracle Critical Patch Update Advisory - October 2023
2023-10-17 00:00:00
Oracle Critical Patch Update Advisory - January 2024
2024-01-16 00:00:00
Oracle Critical Patch Update Advisory - January 2023
2023-01-17 00:00:00