CGA-x4qp-2ggp-3xgp

Published

Last updated

https://images.chainguard.dev/security/CGA-x4qp-2ggp-3xgp

Package

druid

RepositoryWolfi

Latest Update

Not affected

Aliases

CVE-2022-40152
GHSA-3f7h-mf4q-vrm4

Severity

Unknown

Summary

Denial of Service due to parser crash

Description

Those using FasterXML/woodstox to seralize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.

This vulnerability is only relevant for users making use of the DTD parsing functionality.

References

https://nvd.nist.gov/vuln/detail/CVE-2022-40152
https://github.com/advisories/GHSA-3f7h-mf4q-vrm4
https://github.com/FasterXML/woodstox/issues/157
https://github.com/FasterXML/woodstox/issues/160
https://github.com/x-stream/xstream/issues/304
https://github.com/FasterXML/woodstox/pull/159
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47434
https://github.com/FasterXML/woodstox

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CGA-x4qp-2ggp-3xgp

Severity

Summary

Description

References

Updates

Products

Why Chainguard

Customers

Company

Resources