0.001 Low
EPSS
Percentile
44.4%
jackson-dataformat-cbor is vulnerable to denial of service (DoS). The vulnerability exists through the eager allocation of byte buffer that causes an out of memory error when a large len value is processed in _finishBytes.
len
_finishBytes
github.com/FasterXML/jackson-dataformats-binary/commit/de072d314af8f5f269c8abec6930652af67bc8e6
github.com/FasterXML/jackson-dataformats-binary/issues/186
www.oracle.com/security-alerts/cpujul2022.html