[java-sig-commits] [Bug 2134290] New: CVE-2022-40153 xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks

13 Oct 2022


      https://bugzilla.redhat.com/show_bug.cgi?id=2134290
Bug ID: 2134290
           Summary: CVE-2022-40153 xstream: Xstream to serialise XML data
                    was vulnerable to Denial of Service attacks
           Product: Security Response
          Hardware: All
                OS: Linux
            Status: NEW
         Component: vulnerability
          Keywords: Security
          Severity: medium
          Priority: medium
          Assignee: security-response-team@redhat.com
          Reporter: pdelbell@redhat.com
                CC: didiksupriadi41@gmail.com,
                    fedoraproject.org@bluhm-de.com,
                    java-sig-commits@lists.fedoraproject.org,
                    lkundrak@v3.sk, mizdebsk@redhat.com
            Blocks: 2128414
  Target Milestone: ---
    Classification: Other
Those using Xstream to seralize XML data may be vulnerable to Denial of Service
attacks (DOS). If the parser is running on user supplied input, an attacker may
supply content that causes the parser to crash by stackoverflow. This effect
may support a denial of service attack.
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=49858
https://github.com/x-stream/xstream/issues/304
-- 
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2134290

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

[java-sig-commits] [Bug 2134290] New: CVE-2022-40153 xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks