Lucene search
Veracode Vulnerability DatabaseVERACODE:37143HistorySep 19, 2022 - 12:01 p.m.
Denial Of Service (DoS)
2022-09-1912:01:03
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
24
application
denial of service
vulnerability
stack overflow
defaultconverter.java
0.002 Low
EPSS
Percentile
53.1%
jettison is vulnerable to Denial Of Service (DoS). The vulnerability exists due to the stack overflow in the convertToJSONPrimitive function of DefaultConverter.java, allowing an attacker to cause an application crash by providing malicious input through the parser.
References
bugs.chromium.org/p/oss-fuzz/issues/detail?id=46538
github.com/advisories/GHSA-56h3-78gp-v83r
github.com/jettison-json/jettison/commit/cfc7382c4dab4e207d2db2f0a70f60ce565e477d
github.com/jettison-json/jettison/issues/45
github.com/jettison-json/jettison/pull/43
lists.debian.org/debian-lts-announce/2022/11/msg00011.html
www.debian.org/security/2023/dsa-5312
Related
debian
debian
[SECURITY] [DLA 3184-1] libjettison-java security update
2022-11-10 11:04:03
[SECURITY] [DSA 5312-1] libjettison-java security update
2023-01-10 23:10:35
github
github
Jettison parser crash by stackoverflow
2022-09-17 00:00:41
Jettison parser crash by stackoverflow
2023-08-01 19:53:16
amazon
amazon
Medium: jettison
2023-11-29 22:20:00
osv
osv
Jettison parser crash by stackoverflow
2023-08-01 19:53:16
libjettison-java - security update
2022-11-10 00:00:00
CVE-2022-40149
2022-09-16 10:15:09
redhatcve
redhatcve
CVE-2022-40149
2022-10-18 11:39:53
openvas
openvas
Debian: Security Advisory (DLA-3184-1)
2022-11-11 00:00:00
Debian: Security Advisory (DSA-5312-1)
2023-01-12 00:00:00
Ubuntu: Security Advisory (USN-6177-1)
2023-06-20 00:00:00
nvd
nvd
CVE-2022-40149
2022-09-16 10:15:09
cvelist
cvelist
CVE-2022-40149 Stack Buffer Overflow in Jettison
2022-09-16 00:00:00
atlassian
atlassian
debiancve
debiancve
CVE-2022-40149
2022-09-16 10:15:09
prion
prion
Input validation
2022-09-16 10:15:00
cve
cve
CVE-2022-40149
2022-09-16 10:15:09
nessus
nessus
Debian DLA-3184-1 : libjettison-java - LTS security update
2022-11-12 00:00:00
Amazon Linux 2 : jettison (ALAS-2023-2363)
2023-12-04 00:00:00
Oracle Access Manager Multiple Vulnerabilities (Apr 2023 CPU)
2023-04-19 00:00:00
ubuntucve
ubuntucve
CVE-2022-40149
2022-09-16 00:00:00
ibm
ibm
redhat
redhat
ubuntu
ubuntu
Jettison vulnerabilities
2023-06-19 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2023
2023-01-17 00:00:00
Oracle Critical Patch Update Advisory - July 2023
2023-07-18 00:00:00
Oracle Critical Patch Update Advisory - April 2023
2023-04-18 00:00:00