Lucene search
Veracode Vulnerability DatabaseVERACODE:37148HistorySep 19, 2022 - 1:11 p.m.
Denial Of Service (DoS)
2022-09-1913:11:51
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
18
jettison
dos
vulnerability
jsontokener
parser
user input
0.001 Low
EPSS
Percentile
46.7%
Jettison is vulnerable to denial of service. The vulnerability exists in nextValue() function in JSONTokener.java where the attacker may supply content that causes the parser to crash by out of memory if the parser is running on user supplied input.
References
bugs.chromium.org/p/oss-fuzz/issues/detail?id=46549
github.com/advisories/GHSA-x27m-9w8j-5vcw
github.com/jettison-json/jettison/commit/d3714681f61581810680df8e45858a4d30a602da
github.com/jettison-json/jettison/issues/45
lists.debian.org/debian-lts-announce/2022/12/msg00045.html
www.debian.org/security/2023/dsa-5312
Related
atlassian
atlassian
cve
cve
CVE-2022-40150
2022-09-16 10:15:09
cvelist
cvelist
CVE-2022-40150 Stack Buffer Overflow in Jettison
2022-09-16 00:00:00
osv
osv
CVE-2022-40150
2022-09-16 10:15:09
Jettison memory exhaustion
2022-09-17 00:00:41
libjettison-java - security update
2022-12-31 00:00:00
prion
prion
Input validation
2022-09-16 10:15:00
debiancve
debiancve
CVE-2022-40150
2022-09-16 10:15:09
redhatcve
redhatcve
CVE-2022-40150
2022-10-18 11:40:03
nvd
nvd
CVE-2022-40150
2022-09-16 10:15:09
github
github
Jettison memory exhaustion
2022-09-17 00:00:41
ubuntucve
ubuntucve
CVE-2022-40150
2022-09-16 00:00:00
ibm
ibm
nessus
nessus
Amazon Linux 2 : jettison (ALAS-2023-2086)
2023-06-13 00:00:00
Debian DLA-3259-1 : libjettison-java - LTS security update
2023-01-02 00:00:00
RHEL 7 : jettison (Unpatched Vulnerability)
2024-05-11 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-3259-1)
2023-01-01 00:00:00
Debian: Security Advisory (DSA-5312-1)
2023-01-12 00:00:00
Ubuntu: Security Advisory (USN-6177-1)
2023-06-20 00:00:00
debian
debian
[SECURITY] [DLA 3259-1] libjettison-java security update
2022-12-31 17:25:15
[SECURITY] [DSA 5312-1] libjettison-java security update
2023-01-10 23:10:35
amazon
amazon
Important: jettison
2023-06-07 23:52:00
ubuntu
ubuntu
Jettison vulnerabilities
2023-06-19 00:00:00
redhat
redhat
oracle
oracle
Oracle Critical Patch Update Advisory - January 2023
2023-01-17 00:00:00
Oracle Critical Patch Update Advisory - July 2023
2023-07-18 00:00:00
Oracle Critical Patch Update Advisory - April 2023
2023-04-18 00:00:00