CVE-2022-40149

Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.

References

Affected packages

Debian:11 / libjettison-java

Package

Name: libjettison-java
Purl: pkg:deb/debian/libjettison-java?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.5.3-1~deb11u1

Affected versions

1.*

1.4.1-1

1.5.1-1

1.5.3-1~deb10u1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / libjettison-java

Package

Name: libjettison-java
Purl: pkg:deb/debian/libjettison-java?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.5.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / libjettison-java

Package

Name: libjettison-java
Purl: pkg:deb/debian/libjettison-java?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.5.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / libjettison-java

Package

Name: libjettison-java
Purl: pkg:deb/debian/libjettison-java?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.5.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/jettison-json/jettison

Affected ranges

Type: GIT
Repo: https://github.com/jettison-json/jettison
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

2b536fa46428bc7929aec8cb789f544337375593

Affected versions

jettison-1.*

jettison-1.3.8

jettison-1.4.0