CVE-2022-40150

NVD

https://nvd.nist.gov/vuln/detail/CVE-2022-40150

Severity

7.5

High

CVSS V3

Eliminate CVEs with Chainguard hardened images

Build, ship, and run secure software with minimal, hardened container images — rebuilt from source daily and guarded under our industry-leading remediation SLA.

Start for free

Description

Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by Out of memory. This effect may support a denial of service attack.

References

https://nvd.nist.gov/vuln/detail/CVE-2022-40150
https://github.com/advisories/GHSA-x27m-9w8j-5vcw
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46549
https://github.com/jettison-json/jettison/issues/45
https://lists.debian.org/debian-lts-announce/2022/12/msg00045.html
https://www.debian.org/security/2023/dsa-5312

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CVE-2022-40150

Severity

Description

References

Affected packages

The trusted source for open source

Product

Solutions

Customers

Resources

Company