Lucene search
Veracode Vulnerability DatabaseVERACODE:35365HistoryMay 04, 2022 - 2:43 p.m.
Denial Of Service (DoS)
2022-05-0414:43:44
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
21
0.002 Low
EPSS
Percentile
65.0%
Gson is vulnerable to denial of service. The vulnerability exists in internal java classes due to not preventing writing a replacement JDK object during serialization which allows an attacker to cause an application crash.
References
github.com/advisories/GHSA-4jrv-ppp4-jm57
github.com/google/gson/commit/e6fae590cf2a758c47cd5a17f9bf3780ce62c986
github.com/google/gson/pull/1991
github.com/google/gson/pull/1991/commits
lists.debian.org/debian-lts-announce/2022/05/msg00015.html
lists.debian.org/debian-lts-announce/2022/09/msg00009.html
security.netapp.com/advisory/ntap-20220901-0009/
www.debian.org/security/2022/dsa-5227
www.oracle.com/security-alerts/cpujul2022.html
Related
f5
f5
K00994461: GSON vulnerability CVE-2022-25647
2022-08-29 00:00:00
debian
debian
[SECURITY] [DSA 5227-1] libgoogle-gson-java security update
2022-09-07 10:22:18
[SECURITY] [DLA 3100-1] libgoogle-gson-java security update
2022-09-07 09:14:24
[SECURITY] [DLA 3001-1] libgoogle-gson-java security update
2022-05-13 21:45:43
nessus
nessus
Debian DLA-3100-1 : libgoogle-gson-java - LTS security update
2022-09-07 00:00:00
Oracle Application Testing Suite DoS (October 2023 CPU)
2023-10-26 00:00:00
F5 Networks BIG-IP : GSON vulnerability (K00994461)
2022-08-29 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-3001-1)
2022-05-14 00:00:00
openSUSE: Security Advisory for google-gson (SUSE-SU-2022:2044-1)
2022-06-11 00:00:00
Mageia: Security Advisory (MGASA-2022-0340)
2022-09-22 00:00:00
nvd
nvd
CVE-2022-25647
2022-05-01 16:15:08
atlassian
atlassian
cve
cve
CVE-2022-25647
2022-05-01 16:15:08
ibm
ibm
Security Bulletin: IBM Security Guardium is affected by a denial of service vulnerability (CVE-2022-25647)
2023-01-18 22:01:26
osv
osv
Deserialization of Untrusted Data in Gson
2022-05-03 00:00:44
libgoogle-gson-java vulnerability
2024-03-12 15:54:06
libgoogle-gson-java - security update
2022-05-13 00:00:00
cgr
cgr
CVE-2022-25647 vulnerabilities
2024-05-19 03:07:16
mageia
mageia
Updated google-gson packages fix security vulnerability
2022-09-21 21:15:27
suse
suse
Security update for google-gson (important)
2022-06-10 00:00:00
debiancve
debiancve
CVE-2022-25647
2022-05-01 16:15:08
ubuntucve
ubuntucve
CVE-2022-25647
2022-05-01 00:00:00
alpinelinux
alpinelinux
CVE-2022-25647
2022-05-01 16:15:08
cvelist
cvelist
CVE-2022-25647 Deserialization of Untrusted Data
2022-05-01 00:00:00
redhatcve
redhatcve
CVE-2022-25647
2022-05-02 07:38:06
prion
prion
Deserialization of untrusted data
2022-05-01 16:15:00
github
github
Deserialization of Untrusted Data in Gson
2022-05-03 00:00:44
broadcom
broadcom
ubuntu
ubuntu
Gson vulnerability
2024-03-12 00:00:00
wolfi
wolfi
CVE-2022-25647 vulnerabilities
2024-06-29 09:08:33
redhat
redhat
hivepro
hivepro
Critical Security Vulnerabilities Discovered in Atlassian Products
2023-09-27 10:22:43
thn
thn
High-Severity Flaws Uncovered in Atlassian Products and ISC BIND Server
2023-09-22 08:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2024
2024-01-16 00:00:00
Oracle Critical Patch Update Advisory - October 2023
2023-10-17 00:00:00
Oracle Critical Patch Update Advisory - January 2023
2023-01-17 00:00:00