Vulnerability

CVE-2022-40151

 Report advisory or correction

CVSS Score 7.5 high

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-121

References

https://github.com/x-stream/xstream/issues/304
https://github.com/x-stream/xstream/issues/314
https://github.com/x-stream/xstream/security/advisories/GHSA-f8cc-g7j8-xxpm
https://x-stream.github.io/CVE-2022-40151.html
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40151

[CVE-2022-40151] CWE-121: Stack-based Buffer Overflow

Description

Those using Xstream to seralize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.

See com.thoughtworks.xstream/xstream package information