Action not permitted
Modal body text goes here.
Modal Title
Modal Body
wid-sec-w-2024-0671
Vulnerability from csaf_certbund
Published
2024-03-19 23:00
Modified
2024-11-24 23:00
Summary
Atlassian Jira Software: Mehrere Schwachstellen ermöglichen Codeausführung und DoS
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Jira ist eine Webanwendung zur Softwareentwicklung.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in der Atlassian Jira Software ausnutzen, um beliebigen Code auszuführen oder einen Denial-of-Service-Zustand zu verursachen.
Betroffene Betriebssysteme
- Linux
- MacOS X
- Windows
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Jira ist eine Webanwendung zur Softwareentwicklung.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in der Atlassian Jira Software ausnutzen, um beliebigen Code auszuführen oder einen Denial-of-Service-Zustand zu verursachen.", title: "Angriff", }, { category: "general", text: "- Linux\n- MacOS X\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-0671 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0671.json", }, { category: "self", summary: "WID-SEC-2024-0671 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0671", }, { category: "external", summary: "Atlassian Security Advisory vom 2024-03-19", url: "https://confluence.atlassian.com/security/security-bulletin-march-19-2024-1369444862.html", }, ], source_lang: "en-US", title: "Atlassian Jira Software: Mehrere Schwachstellen ermöglichen Codeausführung und DoS", tracking: { current_release_date: "2024-11-24T23:00:00.000+00:00", generator: { date: "2024-11-25T09:15:33.636+00:00", engine: { name: "BSI-WID", version: "1.3.8", }, }, id: "WID-SEC-W-2024-0671", initial_release_date: "2024-03-19T23:00:00.000+00:00", revision_history: [ { date: "2024-03-19T23:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2024-03-20T23:00:00.000+00:00", number: "2", summary: "CVSS korrigiert", }, { date: "2024-11-24T23:00:00.000+00:00", number: "3", summary: "Produktzuordnung überprüft", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version_range", name: "Data Center and Server <9.14.1", product: { name: "Atlassian Jira Software Data Center and Server <9.14.1", product_id: "T033559", }, }, { category: "product_version", name: "Data Center and Server 9.14.1", product: { name: "Atlassian Jira Software Data Center and Server 9.14.1", product_id: "T033559-fixed", product_identification_helper: { cpe: "cpe:/a:atlassian:jira_software:data_center_and_server__9.14.1", }, }, }, { category: "product_version_range", name: "Data Center <9.14.0", product: { name: "Atlassian Jira Software Data Center <9.14.0", product_id: "T033561", }, }, { category: "product_version", name: "Data Center 9.14.0", product: { name: "Atlassian Jira Software Data Center 9.14.0", product_id: "T033561-fixed", product_identification_helper: { cpe: "cpe:/a:atlassian:jira_software:data_center__9.14.0", }, }, }, { category: "product_version_range", name: "Data Center and Server <9.13.1", product: { name: "Atlassian Jira Software Data Center and Server <9.13.1", product_id: "T033563", }, }, { category: "product_version", name: "Data Center and Server 9.13.1", product: { name: "Atlassian Jira Software Data Center and Server 9.13.1", product_id: "T033563-fixed", product_identification_helper: { cpe: "cpe:/a:atlassian:jira_software:data_center_and_server__9.13.1", }, }, }, { category: "product_version_range", name: "Data Center and Server <9.12.5", product: { name: "Atlassian Jira Software Data Center and Server <9.12.5", product_id: "T033564", }, }, { category: "product_version", name: "Data Center and Server 9.12.5", product: { name: "Atlassian Jira Software Data Center and Server 9.12.5", product_id: "T033564-fixed", product_identification_helper: { cpe: "cpe:/a:atlassian:jira_software:data_center_and_server__9.12.5", }, }, }, { category: "product_version_range", name: "Data Center and Server <9.4.18", product: { name: "Atlassian Jira Software Data Center and Server <9.4.18", product_id: "T033566", }, }, { category: "product_version", name: "Data Center and Server 9.4.18", product: { name: "Atlassian Jira Software Data Center and Server 9.4.18", product_id: "T033566-fixed", product_identification_helper: { cpe: "cpe:/a:atlassian:jira_software:data_center_and_server__9.4.18", }, }, }, ], category: "product_name", name: "Jira Software", }, ], category: "vendor", name: "Atlassian", }, ], }, vulnerabilities: [ { cve: "CVE-2022-24839", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen oder einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "T033566", "T033559", "T033563", "T033564", "T033561", ], }, release_date: "2024-03-19T23:00:00.000+00:00", title: "CVE-2022-24839", }, { cve: "CVE-2022-28366", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen oder einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "T033566", "T033559", "T033563", "T033564", "T033561", ], }, release_date: "2024-03-19T23:00:00.000+00:00", title: "CVE-2022-28366", }, { cve: "CVE-2022-29546", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen oder einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "T033566", "T033559", "T033563", "T033564", "T033561", ], }, release_date: "2024-03-19T23:00:00.000+00:00", title: "CVE-2022-29546", }, { cve: "CVE-2022-3171", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen oder einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "T033566", "T033559", "T033563", "T033564", "T033561", ], }, release_date: "2024-03-19T23:00:00.000+00:00", title: "CVE-2022-3171", }, { cve: "CVE-2022-34169", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen oder einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "T033566", "T033559", "T033563", "T033564", "T033561", ], }, release_date: "2024-03-19T23:00:00.000+00:00", title: "CVE-2022-34169", }, { cve: "CVE-2022-3509", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen oder einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "T033566", "T033559", "T033563", "T033564", "T033561", ], }, release_date: "2024-03-19T23:00:00.000+00:00", title: "CVE-2022-3509", }, { cve: "CVE-2022-40146", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen oder einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "T033566", "T033559", "T033563", "T033564", "T033561", ], }, release_date: "2024-03-19T23:00:00.000+00:00", title: "CVE-2022-40146", }, { cve: "CVE-2022-40149", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen oder einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "T033566", "T033559", "T033563", "T033564", "T033561", ], }, release_date: "2024-03-19T23:00:00.000+00:00", title: "CVE-2022-40149", }, { cve: "CVE-2022-40150", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen oder einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "T033566", "T033559", "T033563", "T033564", "T033561", ], }, release_date: "2024-03-19T23:00:00.000+00:00", title: "CVE-2022-40150", }, { cve: "CVE-2022-41704", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen oder einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "T033566", "T033559", "T033563", "T033564", "T033561", ], }, release_date: "2024-03-19T23:00:00.000+00:00", title: "CVE-2022-41704", }, { cve: "CVE-2022-42890", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen oder einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "T033566", "T033559", "T033563", "T033564", "T033561", ], }, release_date: "2024-03-19T23:00:00.000+00:00", title: "CVE-2022-42890", }, { cve: "CVE-2022-45685", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen oder einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "T033566", "T033559", "T033563", "T033564", "T033561", ], }, release_date: "2024-03-19T23:00:00.000+00:00", title: "CVE-2022-45685", }, { cve: "CVE-2022-45688", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen oder einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "T033566", "T033559", "T033563", "T033564", "T033561", ], }, release_date: "2024-03-19T23:00:00.000+00:00", title: "CVE-2022-45688", }, { cve: "CVE-2023-1436", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen oder einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "T033566", "T033559", "T033563", "T033564", "T033561", ], }, release_date: "2024-03-19T23:00:00.000+00:00", title: "CVE-2023-1436", }, { cve: "CVE-2023-34453", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen oder einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "T033566", "T033559", "T033563", "T033564", "T033561", ], }, release_date: "2024-03-19T23:00:00.000+00:00", title: "CVE-2023-34453", }, { cve: "CVE-2023-34454", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen oder einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "T033566", "T033559", "T033563", "T033564", "T033561", ], }, release_date: "2024-03-19T23:00:00.000+00:00", title: "CVE-2023-34454", }, { cve: "CVE-2023-34455", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen oder einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "T033566", "T033559", "T033563", "T033564", "T033561", ], }, release_date: "2024-03-19T23:00:00.000+00:00", title: "CVE-2023-34455", }, { cve: "CVE-2023-39410", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen oder einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "T033566", "T033559", "T033563", "T033564", "T033561", ], }, release_date: "2024-03-19T23:00:00.000+00:00", title: "CVE-2023-39410", }, { cve: "CVE-2023-43642", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen oder einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "T033566", "T033559", "T033563", "T033564", "T033561", ], }, release_date: "2024-03-19T23:00:00.000+00:00", title: "CVE-2023-43642", }, { cve: "CVE-2023-5072", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen oder einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "T033566", "T033559", "T033563", "T033564", "T033561", ], }, release_date: "2024-03-19T23:00:00.000+00:00", title: "CVE-2023-5072", }, ], }
cve-2022-40149
Vulnerability from cvelistv5
Published
2022-09-16 00:00
Modified
2024-08-03 12:14
Severity ?
EPSS score ?
Summary
Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:14:39.950Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46538", }, { tags: [ "x_transferred", ], url: "https://github.com/jettison-json/jettison/issues/45", }, { name: "[debian-lts-announce] 20221110 [SECURITY] [DLA 3184-1] libjettison-java security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00011.html", }, { name: "DSA-5312", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2023/dsa-5312", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Jettison", vendor: "Jettison", versions: [ { lessThanOrEqual: "1.4.0", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121 Stack-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-01-11T00:00:00", orgId: "14ed7db2-1595-443d-9d34-6215bf890778", shortName: "Google", }, references: [ { url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46538", }, { url: "https://github.com/jettison-json/jettison/issues/45", }, { name: "[debian-lts-announce] 20221110 [SECURITY] [DLA 3184-1] libjettison-java security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00011.html", }, { name: "DSA-5312", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2023/dsa-5312", }, ], source: { discovery: "INTERNAL", }, title: "Stack Buffer Overflow in Jettison", x_generator: { engine: "Vulnogram 0.0.9", }, }, }, cveMetadata: { assignerOrgId: "14ed7db2-1595-443d-9d34-6215bf890778", assignerShortName: "Google", cveId: "CVE-2022-40149", datePublished: "2022-09-16T00:00:00", dateReserved: "2022-09-07T00:00:00", dateUpdated: "2024-08-03T12:14:39.950Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-1436
Vulnerability from cvelistv5
Published
2023-03-16 20:59
Modified
2025-02-26 15:02
Severity ?
EPSS score ?
Summary
An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T05:49:11.438Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-1436", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-26T15:02:11.232279Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-26T15:02:24.639Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://mvnrepository.com", packageName: "org.codehaus.jettison:jettison", product: "jettison", vendor: "jettison", versions: [ { lessThan: "1.5.4", status: "affected", version: "0", versionType: "maven", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown.</p>", }, ], value: "An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown.\n\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-674", description: "CWE-674 Uncontrolled Recursion", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-03-22T04:59:51.072Z", orgId: "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d", shortName: "JFROG", }, references: [ { url: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", }, ], source: { discovery: "INTERNAL", }, title: "Infinite recursion in Jettison leads to denial of service when creating a crafted JSONArray", }, }, cveMetadata: { assignerOrgId: "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d", assignerShortName: "JFROG", cveId: "CVE-2023-1436", datePublished: "2023-03-16T20:59:51.072Z", dateReserved: "2023-03-16T20:44:44.527Z", dateUpdated: "2025-02-26T15:02:24.639Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-34455
Vulnerability from cvelistv5
Published
2023-06-15 17:15
Modified
2025-02-13 16:55
Severity ?
EPSS score ?
Summary
snappy-java is a fast compressor/decompressor for Java. Due to use of an unchecked chunk length, an unrecoverable fatal error can occur in versions prior to 1.1.10.1.
The code in the function hasNextChunk in the fileSnappyInputStream.java checks if a given stream has more chunks to read. It does that by attempting to read 4 bytes. If it wasn’t possible to read the 4 bytes, the function returns false. Otherwise, if 4 bytes were available, the code treats them as the length of the next chunk.
In the case that the `compressed` variable is null, a byte array is allocated with the size given by the input data. Since the code doesn’t test the legality of the `chunkSize` variable, it is possible to pass a negative number (such as 0xFFFFFFFF which is -1), which will cause the code to raise a `java.lang.NegativeArraySizeException` exception. A worse case would happen when passing a huge positive value (such as 0x7FFFFFFF), which would raise the fatal `java.lang.OutOfMemoryError` error.
Version 1.1.10.1 contains a patch for this issue.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| xerial | snappy-java |
Version: < 1.1.10.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:10:07.032Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/xerial/snappy-java/security/advisories/GHSA-qcwq-55hx-v3vh", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/xerial/snappy-java/security/advisories/GHSA-qcwq-55hx-v3vh", }, { name: "https://github.com/xerial/snappy-java/commit/3bf67857fcf70d9eea56eed4af7c925671e8eaea", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/xerial/snappy-java/commit/3bf67857fcf70d9eea56eed4af7c925671e8eaea", }, { name: "https://github.com/xerial/snappy-java/blob/05c39b2ca9b5b7b39611529cc302d3d796329611/src/main/java/org/xerial/snappy/SnappyInputStream.java#L388", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/xerial/snappy-java/blob/05c39b2ca9b5b7b39611529cc302d3d796329611/src/main/java/org/xerial/snappy/SnappyInputStream.java#L388", }, { name: "https://github.com/xerial/snappy-java/blob/master/src/main/java/org/xerial/snappy/SnappyInputStream.java", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/xerial/snappy-java/blob/master/src/main/java/org/xerial/snappy/SnappyInputStream.java", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20230818-0009/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-34455", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-12-11T21:14:09.247879Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-11T21:14:16.934Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "snappy-java", vendor: "xerial", versions: [ { status: "affected", version: "< 1.1.10.1", }, ], }, ], descriptions: [ { lang: "en", value: "snappy-java is a fast compressor/decompressor for Java. Due to use of an unchecked chunk length, an unrecoverable fatal error can occur in versions prior to 1.1.10.1.\n\nThe code in the function hasNextChunk in the fileSnappyInputStream.java checks if a given stream has more chunks to read. It does that by attempting to read 4 bytes. If it wasn’t possible to read the 4 bytes, the function returns false. Otherwise, if 4 bytes were available, the code treats them as the length of the next chunk.\n\nIn the case that the `compressed` variable is null, a byte array is allocated with the size given by the input data. Since the code doesn’t test the legality of the `chunkSize` variable, it is possible to pass a negative number (such as 0xFFFFFFFF which is -1), which will cause the code to raise a `java.lang.NegativeArraySizeException` exception. A worse case would happen when passing a huge positive value (such as 0x7FFFFFFF), which would raise the fatal `java.lang.OutOfMemoryError` error.\n\nVersion 1.1.10.1 contains a patch for this issue.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-770", description: "CWE-770: Allocation of Resources Without Limits or Throttling", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-08-18T13:06:30.216Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/xerial/snappy-java/security/advisories/GHSA-qcwq-55hx-v3vh", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/xerial/snappy-java/security/advisories/GHSA-qcwq-55hx-v3vh", }, { name: "https://github.com/xerial/snappy-java/commit/3bf67857fcf70d9eea56eed4af7c925671e8eaea", tags: [ "x_refsource_MISC", ], url: "https://github.com/xerial/snappy-java/commit/3bf67857fcf70d9eea56eed4af7c925671e8eaea", }, { name: "https://github.com/xerial/snappy-java/blob/05c39b2ca9b5b7b39611529cc302d3d796329611/src/main/java/org/xerial/snappy/SnappyInputStream.java#L388", tags: [ "x_refsource_MISC", ], url: "https://github.com/xerial/snappy-java/blob/05c39b2ca9b5b7b39611529cc302d3d796329611/src/main/java/org/xerial/snappy/SnappyInputStream.java#L388", }, { name: "https://github.com/xerial/snappy-java/blob/master/src/main/java/org/xerial/snappy/SnappyInputStream.java", tags: [ "x_refsource_MISC", ], url: "https://github.com/xerial/snappy-java/blob/master/src/main/java/org/xerial/snappy/SnappyInputStream.java", }, { url: "https://security.netapp.com/advisory/ntap-20230818-0009/", }, ], source: { advisory: "GHSA-qcwq-55hx-v3vh", discovery: "UNKNOWN", }, title: "snappy-java's unchecked chunk length leads to DoS", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2023-34455", datePublished: "2023-06-15T17:15:00.311Z", dateReserved: "2023-06-06T16:16:53.559Z", dateUpdated: "2025-02-13T16:55:35.134Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-34169
Vulnerability from cvelistv5
Published
2022-07-19 00:00
Modified
2025-02-13 16:32
Severity ?
EPSS score ?
Summary
The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Xalan-J |
Version: Xalan-J < |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T08:16:17.277Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8", }, { tags: [ "x_transferred", ], url: "https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw", }, { name: "[oss-security] 20220719 CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/07/19/5", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { name: "[oss-security] 20220719 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/07/19/6", }, { name: "[oss-security] 20220719 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/07/20/2", }, { name: "[oss-security] 20220720 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/07/20/3", }, { name: "DSA-5188", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2022/dsa-5188", }, { name: "DSA-5192", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2022/dsa-5192", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220729-0009/", }, { name: "FEDORA-2022-19b6f21746", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/", }, { name: "FEDORA-2022-ae563934f7", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/", }, { name: "FEDORA-2022-e573851f56", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/", }, { name: "FEDORA-2022-d26586b419", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/", }, { name: "FEDORA-2022-80afe2304a", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/", }, { name: "FEDORA-2022-b76ab52e73", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation.html", }, { name: "[oss-security] 20221017 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/10/18/2", }, { name: "[debian-lts-announce] 20221018 [SECURITY] [DLA 3155-1] bcel security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00024.html", }, { name: "DSA-5256", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2022/dsa-5256", }, { name: "[oss-security] 20221104 Re: CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/11/04/8", }, { name: "[oss-security] 20221107 Re: CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/11/07/2", }, { tags: [ "x_transferred", ], url: "https://security.gentoo.org/glsa/202401-25", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240621-0006/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache Xalan-J", vendor: "Apache Software Foundation", versions: [ { lessThanOrEqual: "2.7.2", status: "affected", version: "Xalan-J", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Reported by Felix Wilhelm, Google Project Zero", }, ], descriptions: [ { lang: "en", value: "The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.", }, ], problemTypes: [ { descriptions: [ { description: "integer truncation", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-21T19:07:47.103Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { url: "https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8", }, { url: "https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw", }, { name: "[oss-security] 20220719 CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2022/07/19/5", }, { url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { name: "[oss-security] 20220719 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2022/07/19/6", }, { name: "[oss-security] 20220719 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2022/07/20/2", }, { name: "[oss-security] 20220720 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2022/07/20/3", }, { name: "DSA-5188", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2022/dsa-5188", }, { name: "DSA-5192", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2022/dsa-5192", }, { url: "https://security.netapp.com/advisory/ntap-20220729-0009/", }, { name: "FEDORA-2022-19b6f21746", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/", }, { name: "FEDORA-2022-ae563934f7", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/", }, { name: "FEDORA-2022-e573851f56", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/", }, { name: "FEDORA-2022-d26586b419", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/", }, { name: "FEDORA-2022-80afe2304a", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/", }, { name: "FEDORA-2022-b76ab52e73", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/", }, { url: "http://packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation.html", }, { name: "[oss-security] 20221017 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2022/10/18/2", }, { name: "[debian-lts-announce] 20221018 [SECURITY] [DLA 3155-1] bcel security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00024.html", }, { name: "DSA-5256", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2022/dsa-5256", }, { name: "[oss-security] 20221104 Re: CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2022/11/04/8", }, { name: "[oss-security] 20221107 Re: CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2022/11/07/2", }, { url: "https://security.gentoo.org/glsa/202401-25", }, { url: "https://security.netapp.com/advisory/ntap-20240621-0006/", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets", x_generator: { engine: "Vulnogram 0.0.9", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2022-34169", datePublished: "2022-07-19T00:00:00.000Z", dateReserved: "2022-06-21T00:00:00.000Z", dateUpdated: "2025-02-13T16:32:44.088Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-45685
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2024-08-03 14:17
Severity ?
EPSS score ?
Summary
A stack overflow in Jettison before v1.5.2 allows attackers to cause a Denial of Service (DoS) via crafted JSON data.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T14:17:04.036Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/jettison-json/jettison/issues/54", }, { name: "[debian-lts-announce] 20221231 [SECURITY] [DLA 3259-1] libjettison-java security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00045.html", }, { name: "DSA-5312", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2023/dsa-5312", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "A stack overflow in Jettison before v1.5.2 allows attackers to cause a Denial of Service (DoS) via crafted JSON data.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-01-11T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/jettison-json/jettison/issues/54", }, { name: "[debian-lts-announce] 20221231 [SECURITY] [DLA 3259-1] libjettison-java security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00045.html", }, { name: "DSA-5312", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2023/dsa-5312", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-45685", datePublished: "2022-12-13T00:00:00", dateReserved: "2022-11-21T00:00:00", dateUpdated: "2024-08-03T14:17:04.036Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-5072
Vulnerability from cvelistv5
Published
2023-10-12 16:13
Modified
2025-02-13 17:19
Severity ?
EPSS score ?
Summary
Denial of Service in JSON-Java versions up to and including 20230618. A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| https://github.com/stleary/JSON-java | n/a |
Version: 0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T07:44:53.789Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/stleary/JSON-java/issues/758", }, { tags: [ "x_transferred", ], url: "https://github.com/stleary/JSON-java/issues/771", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/12/13/4", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240621-0007/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-5072", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-21T16:23:55.801589Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-21T16:24:03.711Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "n/a", vendor: "https://github.com/stleary/JSON-java", versions: [ { lessThanOrEqual: "20230618", status: "affected", version: "0", versionType: "date", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<span style=\"background-color: rgb(255, 255, 255);\">Denial of Service in </span><span style=\"background-color: rgb(255, 255, 255);\">JSON-Java versions up to and including 20230618. </span><span style=\"background-color: rgb(255, 255, 255);\">A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.</span><span style=\"background-color: rgb(255, 255, 255);\"> </span><br>", }, ], value: "Denial of Service in JSON-Java versions up to and including 20230618. A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.", }, ], impacts: [ { capecId: "CAPEC-197", descriptions: [ { lang: "en", value: "CAPEC-197 Exponential Data Expansion", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-770", description: "CWE-770 Allocation of Resources Without Limits or Throttling", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-21T19:08:23.050Z", orgId: "14ed7db2-1595-443d-9d34-6215bf890778", shortName: "Google", }, references: [ { url: "https://github.com/stleary/JSON-java/issues/758", }, { url: "https://github.com/stleary/JSON-java/issues/771", }, { url: "http://www.openwall.com/lists/oss-security/2023/12/13/4", }, { url: "https://security.netapp.com/advisory/ntap-20240621-0007/", }, ], source: { discovery: "UNKNOWN", }, title: "DoS Vulnerability in JSON-Java", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "14ed7db2-1595-443d-9d34-6215bf890778", assignerShortName: "Google", cveId: "CVE-2023-5072", datePublished: "2023-10-12T16:13:27.974Z", dateReserved: "2023-09-19T18:29:03.608Z", dateUpdated: "2025-02-13T17:19:28.975Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-43642
Vulnerability from cvelistv5
Published
2023-09-25 19:03
Modified
2024-09-24 15:26
Severity ?
EPSS score ?
Summary
snappy-java is a Java port of the snappy, a fast C++ compresser/decompresser developed by Google. The SnappyInputStream was found to be vulnerable to Denial of Service (DoS) attacks when decompressing data with a too large chunk size. Due to missing upper bound check on chunk length, an unrecoverable fatal error can occur. All versions of snappy-java including the latest released version 1.1.10.3 are vulnerable to this issue. A fix has been introduced in commit `9f8c3cf74` which will be included in the 1.1.10.4 release. Users are advised to upgrade. Users unable to upgrade should only accept compressed data from trusted sources.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/xerial/snappy-java/security/advisories/GHSA-55g7-9cwv-5qfv | x_refsource_CONFIRM | |
| https://github.com/xerial/snappy-java/commit/9f8c3cf74223ed0a8a834134be9c917b9f10ceb5 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| xerial | snappy-java |
Version: < 1.1.10.4 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T19:44:43.818Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/xerial/snappy-java/security/advisories/GHSA-55g7-9cwv-5qfv", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/xerial/snappy-java/security/advisories/GHSA-55g7-9cwv-5qfv", }, { name: "https://github.com/xerial/snappy-java/commit/9f8c3cf74223ed0a8a834134be9c917b9f10ceb5", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/xerial/snappy-java/commit/9f8c3cf74223ed0a8a834134be9c917b9f10ceb5", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-43642", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-24T15:26:43.352715Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-24T15:26:53.851Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "snappy-java", vendor: "xerial", versions: [ { status: "affected", version: "< 1.1.10.4", }, ], }, ], descriptions: [ { lang: "en", value: "snappy-java is a Java port of the snappy, a fast C++ compresser/decompresser developed by Google. The SnappyInputStream was found to be vulnerable to Denial of Service (DoS) attacks when decompressing data with a too large chunk size. Due to missing upper bound check on chunk length, an unrecoverable fatal error can occur. All versions of snappy-java including the latest released version 1.1.10.3 are vulnerable to this issue. A fix has been introduced in commit `9f8c3cf74` which will be included in the 1.1.10.4 release. Users are advised to upgrade. Users unable to upgrade should only accept compressed data from trusted sources.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-770", description: "CWE-770: Allocation of Resources Without Limits or Throttling", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-25T19:03:49.145Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/xerial/snappy-java/security/advisories/GHSA-55g7-9cwv-5qfv", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/xerial/snappy-java/security/advisories/GHSA-55g7-9cwv-5qfv", }, { name: "https://github.com/xerial/snappy-java/commit/9f8c3cf74223ed0a8a834134be9c917b9f10ceb5", tags: [ "x_refsource_MISC", ], url: "https://github.com/xerial/snappy-java/commit/9f8c3cf74223ed0a8a834134be9c917b9f10ceb5", }, ], source: { advisory: "GHSA-55g7-9cwv-5qfv", discovery: "UNKNOWN", }, title: "Missing upper bound check on chunk length in snappy-java ", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2023-43642", datePublished: "2023-09-25T19:03:49.145Z", dateReserved: "2023-09-20T15:35:38.146Z", dateUpdated: "2024-09-24T15:26:53.851Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-40150
Vulnerability from cvelistv5
Published
2022-09-16 00:00
Modified
2024-08-03 12:14
Severity ?
EPSS score ?
Summary
Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by Out of memory. This effect may support a denial of service attack.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:14:39.669Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/jettison-json/jettison/issues/45", }, { tags: [ "x_transferred", ], url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46549", }, { name: "[debian-lts-announce] 20221231 [SECURITY] [DLA 3259-1] libjettison-java security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00045.html", }, { name: "DSA-5312", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2023/dsa-5312", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Jettison", vendor: "Jettison", versions: [ { lessThanOrEqual: "1.4.0", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by Out of memory. This effect may support a denial of service attack.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400 Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-01-11T00:00:00", orgId: "14ed7db2-1595-443d-9d34-6215bf890778", shortName: "Google", }, references: [ { url: "https://github.com/jettison-json/jettison/issues/45", }, { url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46549", }, { name: "[debian-lts-announce] 20221231 [SECURITY] [DLA 3259-1] libjettison-java security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00045.html", }, { name: "DSA-5312", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2023/dsa-5312", }, ], source: { discovery: "INTERNAL", }, title: "Stack Buffer Overflow in Jettison", x_generator: { engine: "Vulnogram 0.0.9", }, }, }, cveMetadata: { assignerOrgId: "14ed7db2-1595-443d-9d34-6215bf890778", assignerShortName: "Google", cveId: "CVE-2022-40150", datePublished: "2022-09-16T00:00:00", dateReserved: "2022-09-07T00:00:00", dateUpdated: "2024-08-03T12:14:39.669Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-45688
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2024-08-03 14:17
Severity ?
EPSS score ?
Summary
A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T14:17:04.006Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/dromara/hutool/issues/2748", }, { tags: [ "x_transferred", ], url: "https://github.com/stleary/JSON-java/issues/708", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-13T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/dromara/hutool/issues/2748", }, { url: "https://github.com/stleary/JSON-java/issues/708", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-45688", datePublished: "2022-12-13T00:00:00", dateReserved: "2022-11-21T00:00:00", dateUpdated: "2024-08-03T14:17:04.006Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-24839
Vulnerability from cvelistv5
Published
2022-04-11 21:25
Modified
2024-08-03 04:20
Severity ?
EPSS score ?
Summary
org.cyberneko.html is an html parser written in Java. The fork of `org.cyberneko.html` used by Nokogiri (Rubygem) raises a `java.lang.OutOfMemoryError` exception when parsing ill-formed HTML markup. Users are advised to upgrade to `>= 1.9.22.noko2`. Note: The upstream library `org.cyberneko.html` is no longer maintained. Nokogiri uses its own fork of this library located at https://github.com/sparklemotion/nekohtml and this CVE applies only to that fork. Other forks of nekohtml may have a similar vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv | x_refsource_CONFIRM | |
| https://github.com/sparklemotion/nekohtml/commit/a800fce3b079def130ed42a408ff1d09f89e773d | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpujul2022.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| sparklemotion | nekohtml |
Version: < 1.9.22.noko2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T04:20:50.515Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/sparklemotion/nekohtml/commit/a800fce3b079def130ed42a408ff1d09f89e773d", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "nekohtml", vendor: "sparklemotion", versions: [ { status: "affected", version: "< 1.9.22.noko2", }, ], }, ], descriptions: [ { lang: "en", value: "org.cyberneko.html is an html parser written in Java. The fork of `org.cyberneko.html` used by Nokogiri (Rubygem) raises a `java.lang.OutOfMemoryError` exception when parsing ill-formed HTML markup. Users are advised to upgrade to `>= 1.9.22.noko2`. Note: The upstream library `org.cyberneko.html` is no longer maintained. Nokogiri uses its own fork of this library located at https://github.com/sparklemotion/nekohtml and this CVE applies only to that fork. Other forks of nekohtml may have a similar vulnerability.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400: Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-07-25T16:52:31", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/sparklemotion/nekohtml/commit/a800fce3b079def130ed42a408ff1d09f89e773d", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], source: { advisory: "GHSA-9849-p7jc-9rmv", discovery: "UNKNOWN", }, title: "Uncontrolled Resource Consumption in org.cyberneko.html (nokogiri fork)", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security-advisories@github.com", ID: "CVE-2022-24839", STATE: "PUBLIC", TITLE: "Uncontrolled Resource Consumption in org.cyberneko.html (nokogiri fork)", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "nekohtml", version: { version_data: [ { version_value: "< 1.9.22.noko2", }, ], }, }, ], }, vendor_name: "sparklemotion", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "org.cyberneko.html is an html parser written in Java. The fork of `org.cyberneko.html` used by Nokogiri (Rubygem) raises a `java.lang.OutOfMemoryError` exception when parsing ill-formed HTML markup. Users are advised to upgrade to `>= 1.9.22.noko2`. Note: The upstream library `org.cyberneko.html` is no longer maintained. Nokogiri uses its own fork of this library located at https://github.com/sparklemotion/nekohtml and this CVE applies only to that fork. Other forks of nekohtml may have a similar vulnerability.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-400: Uncontrolled Resource Consumption", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv", refsource: "CONFIRM", url: "https://github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv", }, { name: "https://github.com/sparklemotion/nekohtml/commit/a800fce3b079def130ed42a408ff1d09f89e773d", refsource: "MISC", url: "https://github.com/sparklemotion/nekohtml/commit/a800fce3b079def130ed42a408ff1d09f89e773d", }, { name: "https://www.oracle.com/security-alerts/cpujul2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], }, source: { advisory: "GHSA-9849-p7jc-9rmv", discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2022-24839", datePublished: "2022-04-11T21:25:12", dateReserved: "2022-02-10T00:00:00", dateUpdated: "2024-08-03T04:20:50.515Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-34453
Vulnerability from cvelistv5
Published
2023-06-15 16:12
Modified
2024-12-12 16:27
Severity ?
EPSS score ?
Summary
snappy-java is a fast compressor/decompressor for Java. Due to unchecked multiplications, an integer overflow may occur in versions prior to 1.1.10.1, causing a fatal error.
The function `shuffle(int[] input)` in the file `BitShuffle.java` receives an array of integers and applies a bit shuffle on it. It does so by multiplying the length by 4 and passing it to the natively compiled shuffle function. Since the length is not tested, the multiplication by four can cause an integer overflow and become a smaller value than the true size, or even zero or negative. In the case of a negative value, a `java.lang.NegativeArraySizeException` exception will raise, which can crash the program. In a case of a value that is zero or too small, the code that afterwards references the shuffled array will assume a bigger size of the array, which might cause exceptions such as `java.lang.ArrayIndexOutOfBoundsException`.
The same issue exists also when using the `shuffle` functions that receive a double, float, long and short, each using a different multiplier that may cause the same issue.
Version 1.1.10.1 contains a patch for this vulnerability.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| xerial | snappy-java |
Version: < 1.1.10.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:10:07.005Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/xerial/snappy-java/security/advisories/GHSA-pqr6-cmr2-h8hf", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/xerial/snappy-java/security/advisories/GHSA-pqr6-cmr2-h8hf", }, { name: "https://github.com/xerial/snappy-java/commit/820e2e074c58748b41dbd547f4edba9e108ad905", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/xerial/snappy-java/commit/820e2e074c58748b41dbd547f4edba9e108ad905", }, { name: "https://github.com/xerial/snappy-java/blob/05c39b2ca9b5b7b39611529cc302d3d796329611/src/main/java/org/xerial/snappy/BitShuffle.java#L107", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/xerial/snappy-java/blob/05c39b2ca9b5b7b39611529cc302d3d796329611/src/main/java/org/xerial/snappy/BitShuffle.java#L107", }, { name: "https://github.com/xerial/snappy-java/blob/master/src/main/java/org/xerial/snappy/BitShuffle.java", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/xerial/snappy-java/blob/master/src/main/java/org/xerial/snappy/BitShuffle.java", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-34453", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-12-12T16:27:45.579743Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-12T16:27:54.359Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "snappy-java", vendor: "xerial", versions: [ { status: "affected", version: "< 1.1.10.1", }, ], }, ], descriptions: [ { lang: "en", value: "snappy-java is a fast compressor/decompressor for Java. Due to unchecked multiplications, an integer overflow may occur in versions prior to 1.1.10.1, causing a fatal error.\n\nThe function `shuffle(int[] input)` in the file `BitShuffle.java` receives an array of integers and applies a bit shuffle on it. It does so by multiplying the length by 4 and passing it to the natively compiled shuffle function. Since the length is not tested, the multiplication by four can cause an integer overflow and become a smaller value than the true size, or even zero or negative. In the case of a negative value, a `java.lang.NegativeArraySizeException` exception will raise, which can crash the program. In a case of a value that is zero or too small, the code that afterwards references the shuffled array will assume a bigger size of the array, which might cause exceptions such as `java.lang.ArrayIndexOutOfBoundsException`.\n\nThe same issue exists also when using the `shuffle` functions that receive a double, float, long and short, each using a different multiplier that may cause the same issue.\n\nVersion 1.1.10.1 contains a patch for this vulnerability.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-190", description: "CWE-190: Integer Overflow or Wraparound", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-15T16:12:34.119Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/xerial/snappy-java/security/advisories/GHSA-pqr6-cmr2-h8hf", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/xerial/snappy-java/security/advisories/GHSA-pqr6-cmr2-h8hf", }, { name: "https://github.com/xerial/snappy-java/commit/820e2e074c58748b41dbd547f4edba9e108ad905", tags: [ "x_refsource_MISC", ], url: "https://github.com/xerial/snappy-java/commit/820e2e074c58748b41dbd547f4edba9e108ad905", }, { name: "https://github.com/xerial/snappy-java/blob/05c39b2ca9b5b7b39611529cc302d3d796329611/src/main/java/org/xerial/snappy/BitShuffle.java#L107", tags: [ "x_refsource_MISC", ], url: "https://github.com/xerial/snappy-java/blob/05c39b2ca9b5b7b39611529cc302d3d796329611/src/main/java/org/xerial/snappy/BitShuffle.java#L107", }, { name: "https://github.com/xerial/snappy-java/blob/master/src/main/java/org/xerial/snappy/BitShuffle.java", tags: [ "x_refsource_MISC", ], url: "https://github.com/xerial/snappy-java/blob/master/src/main/java/org/xerial/snappy/BitShuffle.java", }, ], source: { advisory: "GHSA-pqr6-cmr2-h8hf", discovery: "UNKNOWN", }, title: "snappy-java's Integer Overflow vulnerability in shuffle leads to DoS", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2023-34453", datePublished: "2023-06-15T16:12:34.119Z", dateReserved: "2023-06-06T16:16:53.558Z", dateUpdated: "2024-12-12T16:27:54.359Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-42890
Vulnerability from cvelistv5
Published
2022-10-25 00:00
Modified
2024-08-03 13:19
Severity ?
EPSS score ?
Summary
A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache XML Graphics |
Version: Batik < |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T13:19:05.216Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://lists.apache.org/thread/pkvhy0nsj1h1mlon008wtzhosbtxjwly", }, { name: "[oss-security] 20221025 [CVE-2022-42890] Apache Batik information disclosure vulnerability", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/10/25/3", }, { name: "[debian-lts-announce] 20221029 [SECURITY] [DLA 3169-1] batik security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00038.html", }, { name: "DSA-5264", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2022/dsa-5264", }, { name: "GLSA-202401-11", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202401-11", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache XML Graphics", vendor: "Apache Software Foundation", versions: [ { lessThanOrEqual: "1.15", status: "affected", version: "Batik", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "This issue was independently reported by Y4tacker and 4ra1n of Chaitin Tech", }, ], descriptions: [ { lang: "en", value: "A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16.", }, ], problemTypes: [ { descriptions: [ { description: "Remote code execution via batik scripting", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-07T11:06:20.509832", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { url: "https://lists.apache.org/thread/pkvhy0nsj1h1mlon008wtzhosbtxjwly", }, { name: "[oss-security] 20221025 [CVE-2022-42890] Apache Batik information disclosure vulnerability", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2022/10/25/3", }, { name: "[debian-lts-announce] 20221029 [SECURITY] [DLA 3169-1] batik security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00038.html", }, { name: "DSA-5264", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2022/dsa-5264", }, { name: "GLSA-202401-11", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202401-11", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Batik prior to 1.16 allows RCE via scripting", x_generator: { engine: "Vulnogram 0.0.9", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2022-42890", datePublished: "2022-10-25T00:00:00", dateReserved: "2022-10-12T00:00:00", dateUpdated: "2024-08-03T13:19:05.216Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-29546
Vulnerability from cvelistv5
Published
2022-04-25 02:54
Modified
2024-08-03 06:26
Severity ?
EPSS score ?
Summary
HtmlUnit NekoHtml Parser before 2.61.0 suffers from a denial of service vulnerability. Crafted input associated with the parsing of Processing Instruction (PI) data leads to heap memory consumption. This is similar to CVE-2022-28366 but affects a much later version of the product.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/HtmlUnit/htmlunit-neko/security/advisories/GHSA-6jmm-mp6w-4rrg | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T06:26:06.394Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/HtmlUnit/htmlunit-neko/security/advisories/GHSA-6jmm-mp6w-4rrg", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "HtmlUnit NekoHtml Parser before 2.61.0 suffers from a denial of service vulnerability. Crafted input associated with the parsing of Processing Instruction (PI) data leads to heap memory consumption. This is similar to CVE-2022-28366 but affects a much later version of the product.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-04-25T02:54:59", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/HtmlUnit/htmlunit-neko/security/advisories/GHSA-6jmm-mp6w-4rrg", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2022-29546", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "HtmlUnit NekoHtml Parser before 2.61.0 suffers from a denial of service vulnerability. Crafted input associated with the parsing of Processing Instruction (PI) data leads to heap memory consumption. This is similar to CVE-2022-28366 but affects a much later version of the product.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/HtmlUnit/htmlunit-neko/security/advisories/GHSA-6jmm-mp6w-4rrg", refsource: "CONFIRM", url: "https://github.com/HtmlUnit/htmlunit-neko/security/advisories/GHSA-6jmm-mp6w-4rrg", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-29546", datePublished: "2022-04-25T02:54:59", dateReserved: "2022-04-21T00:00:00", dateUpdated: "2024-08-03T06:26:06.394Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-3509
Vulnerability from cvelistv5
Published
2022-11-01 18:09
Modified
2024-08-03 01:14
Severity ?
EPSS score ?
Summary
A parsing issue similar to CVE-2022-3171, but with textformat in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ProtocolBuffers |
Version: 3.21.0 ≤ Version: 3.20.0 ≤ Version: 3.19.0 ≤ Version: 3.16.0 ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:14:02.398Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/protocolbuffers/protobuf/commit/a3888f53317a8018e7a439bac4abeb8f3425d5e9", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "all", ], product: "ProtocolBuffers", repo: "https://github.com/protocolbuffers/protobuf/", vendor: "Google", versions: [ { lessThan: "3.21.7", status: "affected", version: "3.21.0", versionType: "semver", }, { lessThan: "3.20.3", status: "affected", version: "3.20.0", versionType: "semver", }, { lessThan: "3.19.6", status: "affected", version: "3.19.0", versionType: "semver", }, { lessThan: "3.16.3", status: "affected", version: "3.16.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<span style=\"background-color: rgb(255, 255, 255);\">A parsing issue similar to CVE-2022-3171, but with textformat in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.</span>", }, ], value: "A parsing issue similar to CVE-2022-3171, but with textformat in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-12T12:11:04.548862Z", orgId: "14ed7db2-1595-443d-9d34-6215bf890778", shortName: "Google", }, references: [ { url: "https://github.com/protocolbuffers/protobuf/commit/a3888f53317a8018e7a439bac4abeb8f3425d5e9", }, ], source: { discovery: "UNKNOWN", }, title: "Parsing issue in protobuf textformat", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "14ed7db2-1595-443d-9d34-6215bf890778", assignerShortName: "Google", cveId: "CVE-2022-3509", datePublished: "2022-11-01T18:09:31.634Z", dateReserved: "2022-10-14T13:51:45.771Z", dateUpdated: "2024-08-03T01:14:02.398Z", requesterUserId: "0482d1dc-86d9-41dd-bdd2-3f4c4834e1b3", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-40146
Vulnerability from cvelistv5
Published
2022-09-22 00:00
Modified
2024-08-03 12:14
Severity ?
EPSS score ?
Summary
Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache XML Graphics |
Version: Batik 1.14 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:14:39.979Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://lists.apache.org/thread/hxtddqjty2sbs12y97c8g7xfh17jzxsx", }, { name: "[debian-lts-announce] 20231014 [SECURITY] [DLA 3619-1] batik security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00021.html", }, { name: "GLSA-202401-11", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202401-11", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache XML Graphics", vendor: "Apache Software Foundation", versions: [ { status: "affected", version: "Batik 1.14", }, ], }, ], descriptions: [ { lang: "en", value: "Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-918", description: "CWE-918 Server-Side Request Forgery (SSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-07T11:06:18.978965", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { url: "https://lists.apache.org/thread/hxtddqjty2sbs12y97c8g7xfh17jzxsx", }, { name: "[debian-lts-announce] 20231014 [SECURITY] [DLA 3619-1] batik security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00021.html", }, { name: "GLSA-202401-11", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202401-11", }, ], source: { discovery: "UNKNOWN", }, title: "Jar url should be blocked by DefaultScriptSecurity", x_generator: { engine: "Vulnogram 0.0.9", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2022-40146", datePublished: "2022-09-22T00:00:00", dateReserved: "2022-09-07T00:00:00", dateUpdated: "2024-08-03T12:14:39.979Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-39410
Vulnerability from cvelistv5
Published
2023-09-29 16:23
Modified
2025-02-13 17:03
Severity ?
EPSS score ?
Summary
When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system.
This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro version 1.11.3 which addresses this issue.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Avro Java SDK |
Version: 0 ≤ |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:apache:avro:-:*:*:*:*:rust:*:*", ], defaultStatus: "unknown", product: "avro", vendor: "apache", versions: [ { lessThan: "1.11.3", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-39410", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-06-26T19:07:20.270770Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-26T19:09:26.935Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T18:10:20.868Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/q142wj99cwdd0jo5lvdoxzoymlqyjdds", }, { tags: [ "x_transferred", ], url: "https://www.openwall.com/lists/oss-security/2023/09/29/6", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240621-0006/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Apache Avro Java SDK", vendor: "Apache Software Foundation", versions: [ { lessThan: "1.11.3", status: "affected", version: "0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Adam Korczynski at ADA Logics Ltd", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<div>When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system.</div><div><br></div><div>This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro version 1.11.3 which addresses this issue.</div><div><br></div>", }, ], value: "When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system.\n\nThis issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro version 1.11.3 which addresses this issue.", }, ], metrics: [ { other: { content: { text: "low", }, type: "Textual description of severity", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502 Deserialization of Untrusted Data", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-21T19:06:21.390Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/q142wj99cwdd0jo5lvdoxzoymlqyjdds", }, { url: "https://www.openwall.com/lists/oss-security/2023/09/29/6", }, { url: "https://security.netapp.com/advisory/ntap-20240621-0006/", }, ], source: { defect: [ "AVRO-3819", ], discovery: "EXTERNAL", }, title: "Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2023-39410", datePublished: "2023-09-29T16:23:34.021Z", dateReserved: "2023-07-31T17:55:21.702Z", dateUpdated: "2025-02-13T17:03:03.075Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-28366
Vulnerability from cvelistv5
Published
2022-04-21 22:41
Modified
2024-08-03 05:56
Severity ?
EPSS score ?
Summary
Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction (PI) input that causes excessive heap memory consumption. In particular, this issue exists in HtmlUnit-Neko through 2.26, and is fixed in 2.27. This issue also exists in CyberNeko HTML through 1.9.22 (also affecting OWASP AntiSamy before 1.6.6), but 1.9.22 is the last version of CyberNeko HTML. NOTE: this may be related to CVE-2022-24839.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/nahsra/antisamy/releases/tag/v1.6.6 | x_refsource_MISC | |
| https://search.maven.org/artifact/net.sourceforge.htmlunit/neko-htmlunit | x_refsource_MISC | |
| https://sourceforge.net/projects/htmlunit/files/htmlunit/2.27/ | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T05:56:15.220Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/nahsra/antisamy/releases/tag/v1.6.6", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://search.maven.org/artifact/net.sourceforge.htmlunit/neko-htmlunit", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://sourceforge.net/projects/htmlunit/files/htmlunit/2.27/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction (PI) input that causes excessive heap memory consumption. In particular, this issue exists in HtmlUnit-Neko through 2.26, and is fixed in 2.27. This issue also exists in CyberNeko HTML through 1.9.22 (also affecting OWASP AntiSamy before 1.6.6), but 1.9.22 is the last version of CyberNeko HTML. NOTE: this may be related to CVE-2022-24839.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-09-26T14:35:07", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/nahsra/antisamy/releases/tag/v1.6.6", }, { tags: [ "x_refsource_MISC", ], url: "https://search.maven.org/artifact/net.sourceforge.htmlunit/neko-htmlunit", }, { tags: [ "x_refsource_MISC", ], url: "https://sourceforge.net/projects/htmlunit/files/htmlunit/2.27/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2022-28366", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction (PI) input that causes excessive heap memory consumption. In particular, this issue exists in HtmlUnit-Neko through 2.26, and is fixed in 2.27. This issue also exists in CyberNeko HTML through 1.9.22 (also affecting OWASP AntiSamy before 1.6.6), but 1.9.22 is the last version of CyberNeko HTML. NOTE: this may be related to CVE-2022-24839.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/nahsra/antisamy/releases/tag/v1.6.6", refsource: "MISC", url: "https://github.com/nahsra/antisamy/releases/tag/v1.6.6", }, { name: "https://search.maven.org/artifact/net.sourceforge.htmlunit/neko-htmlunit", refsource: "MISC", url: "https://search.maven.org/artifact/net.sourceforge.htmlunit/neko-htmlunit", }, { name: "https://sourceforge.net/projects/htmlunit/files/htmlunit/2.27/", refsource: "MISC", url: "https://sourceforge.net/projects/htmlunit/files/htmlunit/2.27/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-28366", datePublished: "2022-04-21T22:41:53", dateReserved: "2022-04-03T00:00:00", dateUpdated: "2024-08-03T05:56:15.220Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-41704
Vulnerability from cvelistv5
Published
2022-10-25 00:00
Modified
2024-08-03 12:49
Severity ?
EPSS score ?
Summary
A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache XML Graphics |
Version: Batik < |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:49:44.004Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://lists.apache.org/thread/hplhx0o74jb7blj39fm4kw3otcnjd6xf", }, { name: "[oss-security] 20221025 [CVE-2022-41704] Apache Batik information disclosure vulnerability", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/10/25/2", }, { name: "[debian-lts-announce] 20221029 [SECURITY] [DLA 3169-1] batik security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00038.html", }, { name: "DSA-5264", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2022/dsa-5264", }, { name: "GLSA-202401-11", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202401-11", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache XML Graphics", vendor: "Apache Software Foundation", versions: [ { lessThanOrEqual: "1.15", status: "affected", version: "Batik", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "This issue was independently reported by 4ra1n of Chaitin Tech and pwnull", }, ], descriptions: [ { lang: "en", value: "A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16.", }, ], problemTypes: [ { descriptions: [ { description: "A jar file can be loaded from svg script element", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-07T11:06:25.134503", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { url: "https://lists.apache.org/thread/hplhx0o74jb7blj39fm4kw3otcnjd6xf", }, { name: "[oss-security] 20221025 [CVE-2022-41704] Apache Batik information disclosure vulnerability", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2022/10/25/2", }, { name: "[debian-lts-announce] 20221029 [SECURITY] [DLA 3169-1] batik security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00038.html", }, { name: "DSA-5264", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2022/dsa-5264", }, { name: "GLSA-202401-11", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202401-11", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Batik prior to 1.16 allows RCE when loading untrusted SVG input", x_generator: { engine: "Vulnogram 0.0.9", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2022-41704", datePublished: "2022-10-25T00:00:00", dateReserved: "2022-09-28T00:00:00", dateUpdated: "2024-08-03T12:49:44.004Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-34454
Vulnerability from cvelistv5
Published
2023-06-15 16:27
Modified
2024-12-12 16:25
Severity ?
EPSS score ?
Summary
snappy-java is a fast compressor/decompressor for Java. Due to unchecked multiplications, an integer overflow may occur in versions prior to 1.1.10.1, causing an unrecoverable fatal error.
The function `compress(char[] input)` in the file `Snappy.java` receives an array of characters and compresses it. It does so by multiplying the length by 2 and passing it to the rawCompress` function.
Since the length is not tested, the multiplication by two can cause an integer overflow and become negative. The rawCompress function then uses the received length and passes it to the natively compiled maxCompressedLength function, using the returned value to allocate a byte array.
Since the maxCompressedLength function treats the length as an unsigned integer, it doesn’t care that it is negative, and it returns a valid value, which is casted to a signed integer by the Java engine. If the result is negative, a `java.lang.NegativeArraySizeException` exception will be raised while trying to allocate the array `buf`. On the other side, if the result is positive, the `buf` array will successfully be allocated, but its size might be too small to use for the compression, causing a fatal Access Violation error.
The same issue exists also when using the `compress` functions that receive double, float, int, long and short, each using a different multiplier that may cause the same issue. The issue most likely won’t occur when using a byte array, since creating a byte array of size 0x80000000 (or any other negative value) is impossible in the first place.
Version 1.1.10.1 contains a patch for this issue.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| xerial | snappy-java |
Version: < 1.1.10.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:10:07.300Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/xerial/snappy-java/security/advisories/GHSA-fjpj-2g6w-x25r", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/xerial/snappy-java/security/advisories/GHSA-fjpj-2g6w-x25r", }, { name: "https://github.com/xerial/snappy-java/commit/d0042551e4a3509a725038eb9b2ad1f683674d94", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/xerial/snappy-java/commit/d0042551e4a3509a725038eb9b2ad1f683674d94", }, { name: "https://github.com/xerial/snappy-java/blob/05c39b2ca9b5b7b39611529cc302d3d796329611/src/main/java/org/xerial/snappy/Snappy.java#L169", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/xerial/snappy-java/blob/05c39b2ca9b5b7b39611529cc302d3d796329611/src/main/java/org/xerial/snappy/Snappy.java#L169", }, { name: "https://github.com/xerial/snappy-java/blob/05c39b2ca9b5b7b39611529cc302d3d796329611/src/main/java/org/xerial/snappy/Snappy.java#L422", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/xerial/snappy-java/blob/05c39b2ca9b5b7b39611529cc302d3d796329611/src/main/java/org/xerial/snappy/Snappy.java#L422", }, { name: "https://github.com/xerial/snappy-java/blob/master/src/main/java/org/xerial/snappy/Snappy.java", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/xerial/snappy-java/blob/master/src/main/java/org/xerial/snappy/Snappy.java", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-34454", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-12-12T16:25:27.375881Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-12T16:25:36.036Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, references: [ { tags: [ "exploit", ], url: "https://github.com/xerial/snappy-java/security/advisories/GHSA-fjpj-2g6w-x25r", }, ], title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "snappy-java", vendor: "xerial", versions: [ { status: "affected", version: "< 1.1.10.1", }, ], }, ], descriptions: [ { lang: "en", value: "snappy-java is a fast compressor/decompressor for Java. Due to unchecked multiplications, an integer overflow may occur in versions prior to 1.1.10.1, causing an unrecoverable fatal error.\n\nThe function `compress(char[] input)` in the file `Snappy.java` receives an array of characters and compresses it. It does so by multiplying the length by 2 and passing it to the rawCompress` function.\n\nSince the length is not tested, the multiplication by two can cause an integer overflow and become negative. The rawCompress function then uses the received length and passes it to the natively compiled maxCompressedLength function, using the returned value to allocate a byte array.\n\nSince the maxCompressedLength function treats the length as an unsigned integer, it doesn’t care that it is negative, and it returns a valid value, which is casted to a signed integer by the Java engine. If the result is negative, a `java.lang.NegativeArraySizeException` exception will be raised while trying to allocate the array `buf`. On the other side, if the result is positive, the `buf` array will successfully be allocated, but its size might be too small to use for the compression, causing a fatal Access Violation error.\n\nThe same issue exists also when using the `compress` functions that receive double, float, int, long and short, each using a different multiplier that may cause the same issue. The issue most likely won’t occur when using a byte array, since creating a byte array of size 0x80000000 (or any other negative value) is impossible in the first place.\n\nVersion 1.1.10.1 contains a patch for this issue.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-190", description: "CWE-190: Integer Overflow or Wraparound", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-15T16:27:45.467Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/xerial/snappy-java/security/advisories/GHSA-fjpj-2g6w-x25r", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/xerial/snappy-java/security/advisories/GHSA-fjpj-2g6w-x25r", }, { name: "https://github.com/xerial/snappy-java/commit/d0042551e4a3509a725038eb9b2ad1f683674d94", tags: [ "x_refsource_MISC", ], url: "https://github.com/xerial/snappy-java/commit/d0042551e4a3509a725038eb9b2ad1f683674d94", }, { name: "https://github.com/xerial/snappy-java/blob/05c39b2ca9b5b7b39611529cc302d3d796329611/src/main/java/org/xerial/snappy/Snappy.java#L169", tags: [ "x_refsource_MISC", ], url: "https://github.com/xerial/snappy-java/blob/05c39b2ca9b5b7b39611529cc302d3d796329611/src/main/java/org/xerial/snappy/Snappy.java#L169", }, { name: "https://github.com/xerial/snappy-java/blob/05c39b2ca9b5b7b39611529cc302d3d796329611/src/main/java/org/xerial/snappy/Snappy.java#L422", tags: [ "x_refsource_MISC", ], url: "https://github.com/xerial/snappy-java/blob/05c39b2ca9b5b7b39611529cc302d3d796329611/src/main/java/org/xerial/snappy/Snappy.java#L422", }, { name: "https://github.com/xerial/snappy-java/blob/master/src/main/java/org/xerial/snappy/Snappy.java", tags: [ "x_refsource_MISC", ], url: "https://github.com/xerial/snappy-java/blob/master/src/main/java/org/xerial/snappy/Snappy.java", }, ], source: { advisory: "GHSA-fjpj-2g6w-x25r", discovery: "UNKNOWN", }, title: "snappy-java's Integer Overflow vulnerability in compress leads to DoS", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2023-34454", datePublished: "2023-06-15T16:27:45.467Z", dateReserved: "2023-06-06T16:16:53.559Z", dateUpdated: "2024-12-12T16:25:36.036Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-3171
Vulnerability from cvelistv5
Published
2022-10-12 00:00
Modified
2024-08-03 01:00
Severity ?
EPSS score ?
Summary
A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Google LLC | Protocolbuffers |
Version: 3.21.7 < 3.21.7 Version: 3.20.3 < 3.20.3 Version: 3.19.6 < 3.19.6 Version: 3.16.3 < 3.16.3 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:00:10.773Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2", }, { name: "FEDORA-2022-25f35ed634", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CBAUKJQL6O4TIWYBENORSY5P43TVB4M3/", }, { name: "GLSA-202301-09", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202301-09", }, { name: "FEDORA-2022-15729fa33d", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MPCGUT3T5L6C3IDWUPSUO22QDCGQKTOP/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "core and lite", ], product: "Protocolbuffers", vendor: "Google LLC", versions: [ { lessThan: "3.21.7", status: "affected", version: "3.21.7", versionType: "custom", }, { lessThan: "3.20.3", status: "affected", version: "3.20.3", versionType: "custom", }, { lessThan: "3.19.6", status: "affected", version: "3.19.6", versionType: "custom", }, { lessThan: "3.16.3", status: "affected", version: "3.16.3", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20 Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-04-27T00:00:00", orgId: "14ed7db2-1595-443d-9d34-6215bf890778", shortName: "Google", }, references: [ { url: "https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2", }, { name: "FEDORA-2022-25f35ed634", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CBAUKJQL6O4TIWYBENORSY5P43TVB4M3/", }, { name: "GLSA-202301-09", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202301-09", }, { name: "FEDORA-2022-15729fa33d", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MPCGUT3T5L6C3IDWUPSUO22QDCGQKTOP/", }, ], source: { discovery: "INTERNAL", }, title: "Memory handling vulnerability in ProtocolBuffers Java core and lite", x_generator: { engine: "Vulnogram 0.0.9", }, }, }, cveMetadata: { assignerOrgId: "14ed7db2-1595-443d-9d34-6215bf890778", assignerShortName: "Google", cveId: "CVE-2022-3171", datePublished: "2022-10-12T00:00:00", dateReserved: "2022-09-09T00:00:00", dateUpdated: "2024-08-03T01:00:10.773Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.