891 matches found
CVE-2022-42003
In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled...
Security Bulletin: Multiple vulnerabilities in Zookeeper affecting IBM QRadar User Behavior Analytics (CVE-2022-2191, CVE-2022-2047, CVE-2022-2048, CVE-2022-24823, CVE-2020-36518)
Summary: Multiple vulnerabilities exist in Zookeeper, which is used by IBM QRadar User Behavior Analytics (UBA). These vulnerabilities are addressed in UBA by upgrading to a version of Zookeeper and packages that are associated with Zookeeper that resolve the vulnerabilities. Vulnerability Details...
Security Bulletin: Vulnerabilities in FasterXML Jackson Databind and Apache Xerces affect IBM Spectrum Protect Backup-Archive Client, IBM Spectrum Protect for Space Management, and IBM Spectrum Protect for Virtual Environments
Summary: IBM Spectrum Protect Backup-Archive Client, IBM Spectrum Protect for Space Management, and IBM Spectrum Protect for Virtual Environments may be affected by the FasterXML Jackson Databind and Apache Xerces vulnerabilities (CVEs) below. Vulnerability Details CVEID: CVE-2020-25649 DESCRIPTION:...
GHSA-4RV7-WJ6M-6C6R Denial of Service due to parser crash
Withdrawn: This advisory has been withdrawn because it has been found to be a duplicate. Please see the issue here for more information. Original Description: Those using FasterXML/woodstox to serialize XML data may be vulnerable to Denial of Service (DoS) attacks. If the parser is running on user...
Denial of Service via stack overflow
Withdrawn: This advisory has been withdrawn because it has been found to be a duplicate. Please see the issue here for more information. Original Description: Those using FasterXML/woodstox to serialise XML data may be vulnerable to Denial of Service (DoS) attacks. If the parser is running on user...
Denial of Service via stack overflow
Withdrawn: This advisory has been withdrawn because it has been found to be a duplicate. Please see the issue here for more information. Original Description: Those using FasterXML/woodstox to serialise XML data may be vulnerable to Denial of Service (DoS) attacks. If the parser is running on user...
Denial of Service due to parser crash
Withdrawn: This advisory has been withdrawn because it has been found to be a duplicate. Please see the issue here for more information. Original Description: Those using FasterXML/woodstox to serialize XML data may be vulnerable to Denial of Service (DoS) attacks. If the parser is running on user...
GHSA-3F7H-MF4Q-VRM4 Denial of Service due to parser crash
Those using FasterXML/woodstox to serialize XML data may be vulnerable to Denial of Service (DoS) attacks. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack. This...
GHSA-FV22-XP26-MM9W Denial of Service due to parser crash
Withdrawn: This advisory has been withdrawn because it has been found to be a duplicate. Please see the issue here for more information. Original Description: Those using FasterXML/woodstox to serialize XML data may be vulnerable to Denial of Service (DoS) attacks. If the parser is running on user...
Denial of Service due to parser crash
Withdrawn: This advisory has been withdrawn because it has been found to be a duplicate. Please see the issue here for more information. Original Description: Those using FasterXML/woodstox to serialize XML data may be vulnerable to Denial of Service (DoS) attacks. If the parser is running on user...
GHSA-5HC5-C3M9-8VCJ Denial of Service via stack overflow
Withdrawn: This advisory has been withdrawn because it has been found to be a duplicate. Please see the issue here for more information. Original Description: Those using FasterXML/woodstox to serialise XML data may be vulnerable to Denial of Service (DoS) attacks. If the parser is running on user...
GHSA-9FWF-46G9-45RX Denial of Service via stack overflow
Withdrawn: This advisory has been withdrawn because it has been found to be a duplicate. Please see the issue here for more information. Original Description: Those using FasterXML/woodstox to serialise XML data may be vulnerable to Denial of Service (DoS) attacks. If the parser is running on user...
Denial of Service due to parser crash
Those using FasterXML/woodstox to serialize XML data may be vulnerable to Denial of Service (DoS) attacks. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack. This...
Remote Code Execution
chromium is vulnerable to remote code execution. The vulnerability exists due to the deserialization of untrusted data in FasterXML jackson-databind, allowing a remote attacker to inject and execute malicious code...
Security Bulletin: IBM MQ Appliance is affected by FasterXML jackson-databind vulnerabilities (CVE-2020-36518)
Summary IBM MQ Appliance has resolved FasterXML jackson-databind vulnerabilities. Vulnerability Details CVEID: CVE-2020-36518 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused by a Java StackOverflow exception. By using a large depth of nested objects, a remote...
Security Bulletin: Denial of Service vulnerability affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2020-35618
Summary IBM Business Process Manager and IBM Business Automation Workflow are vulnerable to a Denial of Service attack. Vulnerability Details CVEID: CVE-2020-36518 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused by a Java StackOverflow exception. By using a...
Security Bulletin: IBM Tivoli Network Manager is vulnerable to XML external entity (XEE) attacks due to FasterXML (CVE-2020-25649)
Summary: FasterXML Jackson Databind, used by IBM Tivoli Network Manager, contains a flaw where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity. The library has been...
Security Bulletin: Cúram Social Program Management may be affected by Denial of Service vulnerability in jackson-databind (217968)
Summary IBM Cúram Social Program Management uses the jackson-databind libraries, for which there is a publicly known vulnerability. FasterXML jackson-databind is vulnerable to a denial of service, caused by an error when using JDK serialization to serialize and deserialize JsonNode values. By...
Security Bulletin: IBM Disconnected Log Collector is vulnerable to using components with known vulnerabilities
Summary: The product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools. IBM has addressed the relevant CVEs. Vulnerability Details CVEID: CVE-2019-12086 DESCRIPTION: FasterXML jackson-databind could allow a remote attacker to obtain...
Security Bulletin: IBM Informix Dynamic Server is affected to denial of service due to FasterXML jackson-databind (CVE-2020-36518)
Summary: There is a denial of service vulnerability in the FasterXML jackson-databind (CVE-2020-36518) open source library included in IBM Informix Dynamic Server for IBM InformixHQ. FasterXML jackson-databind 2.13.2.2 resolves the vulnerability. Vulnerability Details CVEID: CVE-2020-36518 DESCRIPTION:...