CGA-4jpg-2cg2-mfm8

Published

Last updated

https://images.chainguard.dev/security/CGA-4jpg-2cg2-mfm8

Package

hadoop-fips-3.3.6

Repository

Chainguard

Latest Update

Fix not planned

Aliases

CVE-2022-40150
GHSA-x27m-9w8j-5vcw

Severity

Unknown

Summary

Jettison memory exhaustion

Description

Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by Out of memory. This effect may support a denial of service attack.

References

https://nvd.nist.gov/vuln/detail/CVE-2022-40150
https://github.com/advisories/GHSA-x27m-9w8j-5vcw
https://github.com/jettison-json/jettison/issues/45
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46549
https://github.com/jettison-json/jettison
https://lists.debian.org/debian-lts-announce/2022/12/msg00045.html
https://www.debian.org/security/2023/dsa-5312

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CGA-4jpg-2cg2-mfm8

Severity

Summary

Description

References

Updates

Products

Why Chainguard

Customers

Company

Resources