CVE-2017-7957

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2017-7957

Severity

7.5

High

CVSS V3

Description

XStream through 1.4.9, when a certain denyTypes workaround is not used, mishandles attempts to create an instance of the primitive type 'void' during unmarshalling, leading to a remote application crash, as demonstrated by an xstream.fromXML("") call.

References

https://images.chainguard.dev/security/CGA-g82j-p47m-j52g
https://github.com/advisories/GHSA-7hwc-46rm-65jh
http://www.securityfocus.com/bid/100687
http://www.securitytracker.com/id/1039499
https://www-prd-trops.events.ibm.com/node/715749
http://www.debian.org/security/2017/dsa-3841
http://x-stream.github.io/CVE-2017-7957.html
https://access.redhat.com/errata/RHSA-2017:1832
https://access.redhat.com/errata/RHSA-2017:2888
https://access.redhat.com/errata/RHSA-2017:2889
https://exchange.xforce.ibmcloud.com/vulnerabilities/125800

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

The trusted source for open source

Talk to an expert

Privacy

Terms

CVE-2017-7957

Severity

Description

References

Affected packages

The trusted source for open source

Product

Solutions

Customers

Resources

Company