Lucene search
Veracode Vulnerability DatabaseVERACODE:37382HistoryOct 03, 2022 - 4:26 a.m.
Denial Of Service (DoS)
2022-10-0304:26:32
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
14
0.003 Low
EPSS
Percentile
66.3%
jackson-databind is vulnerable to Denial Of Service (DoS). The vulnerability exists in _deserializeFromArray function in BeanDeserializer.java due to resource exhaustion when processing a deeply nested array which allows an attacker to cause an application crash via a malicious input.
References
bugs.chromium.org/p/oss-fuzz/issues/detail?id=50490
github.com/advisories/GHSA-rgv9-q543-rqg4
github.com/FasterXML/jackson-databind/commit/063183589218fec19a9293ed2f17ec53ea80ba88
github.com/FasterXML/jackson-databind/issues/3582
lists.debian.org/debian-lts-announce/2022/11/msg00035.html
security.gentoo.org/glsa/202210-21
security.netapp.com/advisory/ntap-20221118-0008/
www.debian.org/security/2022/dsa-5283
Related
osv
osv
Uncontrolled Resource Consumption in FasterXML jackson-databind
2022-10-03 00:00:31
CVE-2022-42004
2022-10-02 05:15:09
jackson-databind - security update
2022-11-17 00:00:00
nessus
nessus
F5 Networks BIG-IP : FasterXML vulnerability (K000132725)
2023-06-23 00:00:00
Atlassian Jira Service Management Data Center and Server < 4.20.27 / 5.4.x < 5.4.11 (JSDSERVER-14752)
2023-11-24 00:00:00
GLSA-202210-21 : FasterXML jackson-databind: Multiple vulnerabilities
2022-10-31 00:00:00
ibm
ibm
Security Bulletin: Due to use of FasterXML Jackson-databind, IBM Cloud Pak for Multicloud Management Monitoring is vulnerable to a denial of service.
2023-09-05 10:05:58
atlassian
atlassian
cve
cve
CVE-2022-42004
2022-10-02 05:15:09
wolfi
wolfi
CVE-2022-42004 vulnerabilities
2024-05-29 03:07:31
cgr
cgr
CVE-2022-42004 vulnerabilities
2024-05-19 03:07:16
nvd
nvd
CVE-2022-42004
2022-10-02 05:15:09
f5
f5
K000132725 : FasterXML vulnerability CVE-2022-42004
2023-03-22 00:00:00
cvelist
cvelist
CVE-2022-42004
2022-10-02 00:00:00
github
github
Uncontrolled Resource Consumption in FasterXML jackson-databind
2022-10-03 00:00:31
debiancve
debiancve
CVE-2022-42004
2022-10-02 05:15:09
ubuntucve
ubuntucve
CVE-2022-42004
2022-10-02 00:00:00
broadcom
broadcom
prion
prion
Deserialization of untrusted data
2022-10-02 05:15:00
redhatcve
redhatcve
CVE-2022-42004
2022-10-17 07:01:06
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2022:3995-1)
2022-11-16 00:00:00
Mageia: Security Advisory (MGASA-2024-0069)
2024-03-18 00:00:00
Debian: Security Advisory (DSA-5283-1)
2022-11-18 00:00:00
gentoo
gentoo
FasterXML jackson-databind: Multiple vulnerabilities
2022-10-31 00:00:00
mageia
mageia
Updated jackson-databind packages fix security vulnerabilities
2024-03-16 19:28:17
debian
debian
[SECURITY] [DLA 3207-1] jackson-databind security update
2022-11-27 18:53:52
[SECURITY] [DSA 5283-1] jackson-databind security update
2022-11-17 11:17:07
redhat
redhat
freebsd
freebsd
cassandra3 -- multiple vulnerabilities
2023-01-11 00:00:00
rocky
rocky
Satellite 6.13 Release
2023-05-05 15:39:58
oracle
oracle
Oracle Critical Patch Update Advisory - October 2023
2023-10-17 00:00:00
Oracle Critical Patch Update Advisory - January 2024
2024-01-16 00:00:00
Oracle Critical Patch Update Advisory - January 2023
2023-01-17 00:00:00