Lucene search
+L

6 matches found

Debian CVE
Debian CVE
added 2024/11/07 11:38 p.m.17 views

CVE-2024-47072

XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream when XStream is configured to use the...

7.5CVSS6.1AI score0.02015EPSS
Exploits0
OSV
OSV
added 2024/11/07 9:51 p.m.4 views

GHSA-HFQ9-HGGM-C56Q XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream

Impact The vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream when XStream is configured to use the BinaryStreamDriver. Patches XStream 1.4.21 detects the manipulation ...

8.7CVSS6.8AI score0.02015EPSS
Exploits0References7
OSV
OSV
added 2023/12/15 11:6 a.m.1 views

OESA-2023-1929 xstream security update

XStream is a simple library to serialize objects to XML and back again. A high level facade is supplied that simplifies common use cases. Custom objects can be serialized without need for specifying mappings. Speed and low memory footprint are a crucial part of the design, making it suitable for...

8.2CVSS8.9AI score0.08689EPSS
Exploits2References3
OSV
OSV
added 2022/12/30 4:58 p.m.1 views

GHSA-F8CC-G7J8-XXPM XStream can cause a Denial of Service by injecting deeply nested objects raising a stack overflow

Impact The vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream. Patches XStream 1.4.20 handles the stack overflow and raises an InputManipulationException instead...

7.5CVSS7.2AI score0.01022EPSS
Exploits1References7
OSV
OSV
added 2022/12/28 12:15 a.m.1 views

DEBIAN-CVE-2022-41966

XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service only via manipulation the processed input stream. The attack uses the hash code implementation for...

7.5CVSS6.7AI score0.08689EPSS
Exploits1References1
OSV
OSV
added 2022/12/28 12:15 a.m.10 views

UBUNTU-CVE-2022-41966

XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service only via manipulation the processed input stream. The attack uses the hash code implementation for...

8.2CVSS6.8AI score0.08689EPSS
Exploits1References5
Rows per page
Query Builder