CGA-ggrj-qvjf-rmxm

Published

Last updated

https://images.chainguard.dev/security/CGA-ggrj-qvjf-rmxm

Package

hadoop-fips-3.3.6

Repository

Chainguard

Latest Update

Fix not planned

Aliases

CVE-2022-40149
GHSA-56h3-78gp-v83r

Severity

Unknown

Summary

Jettison parser crash by stackoverflow

Description

Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.

References

https://nvd.nist.gov/vuln/detail/CVE-2022-40149
https://github.com/advisories/GHSA-56h3-78gp-v83r
https://github.com/jettison-json/jettison/issues/45
https://github.com/jettison-json/jettison/pull/49/files
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46538
https://github.com/jettison-json/jettison
https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1
https://lists.debian.org/debian-lts-announce/2022/11/msg00011.html
https://www.debian.org/security/2023/dsa-5312

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CGA-ggrj-qvjf-rmxm

Severity

Summary

Description

References

Updates

Products

Why Chainguard

Customers

Company

Resources