Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:GHSA-264P-99WQ-F4J6
HistoryJan 03, 2024 - 10:04 p.m.

Ion Java StackOverflow vulnerability

2024-01-0322:04:08
Google
osv.dev
9
denial of service
ion java
stackoverflowerror
data deserialization
security patch

7 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.3%

JSON

Impact

A potential denial-of-service issue exists in ion-java for applications that use ion-java to:

  • Deserialize Ion text encoded data, or
  • Deserialize Ion text or binary encoded data into the IonValue model and then invoke certain IonValue methods on that in-memory representation.

An actor could craft Ion data that, when loaded by the affected application and/or processed using the IonValue model, results in a StackOverflowError originating from the ion-java library.

Impacted versions: <1.10.5

Patches

The patch is included in ion-java >= 1.10.5.

Workarounds

Do not load data which originated from an untrusted source or that could have been tampered with. Only load data you trust.

If you have any questions or comments about this advisory, we ask that you contact AWS/Amazon Security via our vulnerability reporting page [1] or directly via email to [email protected]. Please do not create a public GitHub issue.

[1] https://aws.amazon.com/security/vulnerability-reporting

Related

atlassian 4
ibm 10
cve 1
nessus 1
prion 1
cvelist 1
veracode 1
github 1
oracle 1
atlassian
atlassian
DoS (Denial of Service) software.amazon.ion:ion-java Dependency in Bitbucket Data Center and Server
2024-03-09 04:45:44
DoS (Denial of Service) software.amazon.ion:ion-java Dependency in Bamboo Data Center and Server
2024-03-14 05:46:10
DoS (Denial of Service) software.amazon.ion:ion-java Dependency in Jira Software Data Center and Server
2024-04-09 13:49:21
ibm
ibm
Security Bulletin: There is a vulnerability in Amazon Ion used by IBM Maximo Asset Management application (CVE-2024-21634)
2024-04-05 15:16:50
Security Bulletin: IBM Maximo Application Suite uses ion-java-1.2.0.jar which is vulnerable to CVE-2024-21634.
2024-04-02 17:16:38
Security Bulletin: There is a vulnerability in ion-java used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2024-21634)
2024-05-07 20:26:41
cve
cve
CVE-2024-21634
2024-01-03 23:15:08
nessus
nessus
Atlassian Confluence < 7.19.20 / 7.20.x < 8.5.7 / 8.6.x < 8.9.0 (CONFSERVER-95099)
2024-05-02 00:00:00
prion
prion
Design/Logic Flaw
2024-01-03 23:15:00
cvelist
cvelist
CVE-2024-21634 Ion Java StackOverflow vulnerability
2024-01-03 22:46:03
veracode
veracode
Stack Overflow
2024-01-04 07:31:53
github
github
Ion Java StackOverflow vulnerability
2024-01-03 22:04:08
oracle
oracle
Oracle Critical Patch Update Advisory - April 2024
2024-04-16 00:00:00

7 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.3%

JSON
Related for OSV:GHSA-264P-99WQ-F4J6
atlassian4ibm10cve1nessus1prion1cvelist1veracode1github1oracle1