Atlassian Jira Service Management Data Center and Server 5.7 < 5.12.19 / 5.13.x < 10.3.4 / 10.4.x < 10.5.0 (JSDSERVER-16086)

The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16086 advisory. - XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow...

CVE-2024-47072 XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream

XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream when XStream is configured to use the...

XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream

Impact The vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream when XStream is configured to use the BinaryStreamDriver. Patches XStream 1.4.21 detects the manipulation ...

Oracle Enterprise Manager Ops Center (Apr 2023 CPU)

The 12.4.0.0 versions of Enterprise Manager Ops Center installed on the remote host are affected by a DoS vulnerability in XStream component as referenced in the April 2023 CPU advisory. XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to...

FreeBSD : security/keycloak -- Multiple possible DoS attacks (9d9e9439-959e-11ed-b464-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 9d9e9439-959e-11ed-b464-b42e991fc52e advisory. - Those using Xstream to seralize XML data may be vulnerable to Denial of Service attacks DOS...

Debian DSA-5315-1 : libxstream-java - security update

The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dsa-5315 advisory. XStream serializes Java objects to XML and back again. Versions prior to 1.4.15-3+deb11u2 may allow a remote attacker to terminate the application with a stack overflow...

[SECURITY] [DSA 5315-1] libxstream-java security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5315-1 [email protected] https://www.debian.org/security/ Markus Koschany January 11, 2023 https://www.debian.org/security/faq -...

XStream can cause a Denial of Service by injecting deeply nested objects raising a stack overflow

Impact The vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream. Patches XStream 1.4.20 handles the stack overflow and raises an InputManipulationException instead...

XStream can cause Denial of Service via stack overflow

Impact The vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream. Patches XStream 1.4.20 handles the stack overflow and raises an InputManipulationException instead...

CVE-2022-41966

XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service only via manipulation the processed input stream. The attack uses the hash code implementation for...

Stack overflow

XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service only via manipulation the processed input stream. The attack uses the hash code implementation for...

EUVD-2022-7656

XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service only via manipulation the processed input stream. The attack uses the hash code implementation for...

CVE-2022-41966

XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service only via manipulation the processed input stream. The attack uses the hash code implementation for...

CVE-2022-41966

CVE-2022-41966 — XStream stack overflow DoS . The vulnerability affects XStream versions prior to 1.4.20, where the hashCode-based recursion on collection/map structures can overflow the stack when unmarshalling input, potentially crashing the application. The fix is in 1.4.20, which prevents the...