CGA-xg3g-4h7j-5c3r

Published

Last updated

https://images.chainguard.dev/security/CGA-xg3g-4h7j-5c3r

Package

sonarqube-10

Latest Update

Fixed

Fixed Version

25.1.0.102122-r0

Aliases

CVE-2022-40152
GHSA-3f7h-mf4q-vrm4

Severity

6.5

Medium

CVSS V3

Summary

Denial of Service due to parser crash

Description

Those using FasterXML/woodstox to seralize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.

This vulnerability is only relevant for users making use of the DTD parsing functionality.

References

https://nvd.nist.gov/vuln/detail/CVE-2022-40152
https://github.com/advisories/GHSA-3f7h-mf4q-vrm4
https://github.com/FasterXML/woodstox/issues/157
https://github.com/FasterXML/woodstox/issues/160
https://github.com/x-stream/xstream/issues/304
https://github.com/FasterXML/woodstox/pull/159
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47434
https://github.com/FasterXML/woodstox

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CGA-xg3g-4h7j-5c3r

Severity

Summary

Description

References

Updates

Product

Why Chainguard

Customers

Company

Resources