Vulnerability

CVE-2022-40152

 Report advisory or correction

CVSS Score 7.5 high

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-787

References

https://github.com/FasterXML/woodstox/issues/157
https://github.com/FasterXML/woodstox/issues/160
https://github.com/FasterXML/woodstox/pull/159
https://github.com/advisories/GHSA-3f7h-mf4q-vrm4
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40152

[CVE-2022-40152] CWE-787: Out-of-bounds Write

Description

Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks (DOS) if DTD support is enabled. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.

Deviation Notice:
Sonatype's research suggests that this CVE's details differ from those defined at NVD or other reporting sources; sign in for details.

Sign up and see:

Detailed deviation notices:
  • Detailed deviations
  • References
  • Custom Descriptions [Coming Soon]
Sign Up
See com.fasterxml.woodstox/woodstox-core package information