165 matches found
CVE-2025-52999 jackson-core Has Potential for StackoverflowError if user parses an input file that contains very deeply nested data
jackson-core contains core low-level incremental "streaming" parser and generator abstractions used by Jackson Data Processor. In versions prior to 2.15.0, if a user parses an input file and it has deeply nested data, Jackson could end up throwing a StackoverflowError if the depth is particularly...
CVE-2025-52999
CVE-2025-52999 concerns Jackson Core: in versions before 2.15.0, parsing input with deeply nested data can trigger a StackOverflowError. Jackson-core 2.15.0 introduces a configurable depth limit (default 1000) and throws StreamConstraintsException when exceeded. Jackson-databind benefits from thi...
PT-2025-26867
Name of the Vulnerable Software and Affected Versions: jackson-core versions prior to 2.15.0 Description: The issue arises when parsing input files with deeply nested data, potentially causing a StackoverflowError due to excessive depth. A configurable limit for traversal depth has been introduce...
CVE-2020-27196
An issue was discovered in PlayJava in Play Framework 2.6.0 through 2.8.2. The body parsing of HTTP requests eagerly parses a payload given a Content-Type header. A deep JSON structure sent to a valid POST endpoint that may or may not expect JSON payloads causes a StackOverflowError and Denial of...
CVE-2010-4807
Race condition in IBM Web Content Manager (WCM) 7.0.0.1 before CF003 allows remote authenticated users to cause a denial of service (infinite recursive query) via unspecified vectors, related to a StackOverflowError exception...
com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError
A nested data handling flaw was found in Jackson Core. When parsing particularly deeply nested data structures, a StackoverflowError can occur...
Linux Distros Unpatched Vulnerability : CVE-2023-1436
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads...
CVE-2024-47072
CVE-2024-47072 affects the XStream library. When configured to use the BinaryStreamDriver, processing manipulated binary input can trigger a stack overflow, leading to a Denial of Service. XStream 1.4.21 mitigates this by detecting the input manipulation and throwing an InputManipulationException...
Security Bulletin: Vulnerability in Netty affects watsonx.data
Summary Netty is vulnerable to a denial of service, caused by a StackOverflowError in HAProxyMessageDecoder. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2022-41881 DESCRIPTION: Netty is vulnerable to a denial of service, caused by a StackOverflowError in HAProxyMessageDecoder. B...
Security Bulletin: Vulnerabilities in Netty affect watsonx.data
Summary Netty is vulnerable to HTTP request smuggling, to remote attacks causing weaker than expected security, and to denial of service attacks. These can affect watsonx.data. Vulnerability Details CVEID:CVE-2019-16869 DESCRIPTION: Netty is vulnerable to HTTP request smuggling, caused by a flaw...
CVE-2024-21634
A vulnerability was found in Amazon Ion, an implementation of Ion data notation. Ion-java may be affected by denial of service (DoS) due to issues while deserializing encoded data into IonValue. A maliciously crafted Ion data structure may be processed and cause a StackOverflowError, leaving the...
RHEL 9 : log4j (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - apache-commons-net: FTP client trusts the host from PASV response by default CVE-2021-37533 - Those using...
Atlassian Jira Service Management Data Center and Server < 5.4.18 / 5.5.x < 5.12.6 / 5.13.x < 5.15.0 (JSDSERVER-15308)
The version of Atlassian Jira Service Management Data Center and Server (Jira Service Desk) running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-15308 advisory. - Amazon Ion is a Java implementation of the Ion data notation. Prior to version 1.10.5, a potential...
RHEL 9 : log4j (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies CVE-2023-26049 -...
RHEL 8 : log4j (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - apache-commons-net: FTP client trusts the host from PASV response by default CVE-2021-37533 - Those using...
SUSE-SU-2024:1377-1 Security update for apache-commons-configuration
This update for apache-commons-configuration fixes the following issues: - CVE-2024-29131: Fixed StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator() (bsc#1221797). - CVE-2024-29133: Fixed StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclica...
SUSE-SU-2024:1365-1 Security update for apache-commons-configuration2
This update for apache-commons-configuration2 fixes the following issues: - CVE-2024-29131: Fixed StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator() (bsc#1221797). - CVE-2024-29133: Fixed StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclic...
DoS (Denial of Service) software.amazon.ion:ion-java Dependency in Confluence Data Center and Server
This High severity software.amazon.ion:ion-java Dependency vulnerability was introduced in versions 5.6 of Confluence Data Center and Server. This software.amazon.ion:ion-java Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allo...
Out-of-Bounds Write
Apache Commons Configuration is vulnerable to Out-of-Bounds Write. The vulnerability is due to improper handling of a cyclical object tree, which can trigger a StackOverflowError when the ListDelimiterHandler.flatten method is called. This occurs because the method recursively traverses the objec...