CVE-2022-40152

Oracle WebLogic: CVE-2022-40152 : Critical Patch Update

Description. Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks (DOS) if DTD support is enabled. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.

CVE-2022-40152

CVE-2022-40152. PUBLISHED. View JSON. Stack Buffer Overflow in Woodstox. Important CVE Record Format Information. Assigner: Google LLC. Published: …

CVE-2022-40152 | GitLab Advisory Database

Those using Xstream to serialize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.

CVE-2022-40152: Denial of Service due to parser crash in com

CVE-2022-40152: Denial of Service due to parser crash in com.fasterxml.woodstox:woodstox-core. This vulnerability allows an attacker to launch a Denial of Service (DOS) attack by causing the parser to crash. Update to version 6.4.0 or later to fix the vulnerability.

CVE-2022-40152 | Tenable®

Description. Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks (DOS) if DTD support is enabled. If the parser is running on …

CVE-2022-40152

CVE-2022-40152. Severity: High. CVSS Score: 7.5. The Woodstox third-party library used by Oxygen XML products is an affected version mentioned in the CVE-2022-40152 vulnerability description. However, the Oxygen products do not enable DTD support. For that reason, Oxygen XML products are not affected by this vulnerability.

CVE-2022-40152 ≈ Packet Storm

CVE-2022-40152. Status Candidate. Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks (DOS) if DTD support is enabled. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.

Oracle WebLogic Server (Apr 2023 CPU) | Tenable®

(CVE-2022-40152) - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Third Party (Apache Commons Compress)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to …

NVD

CVE-2022-46152 Detail. Description: OP-TEE Trusted OS is the secure side implementation of OP-TEE project, a Trusted Execution Environment. Versions prior to 3.19.0, contain an Improper Validation of Array Index vulnerability. The function `cleanup_shm_refs()` is called by both `entry_invoke_command()` and …

Security Bulletin: IBM Storage Protect Client and IBM Storage …

Vulnerability Details. CVEID: CVE-2022-40152 DESCRIPTION: XStream is vulnerable to a denial of service, caused by a stack-based buffer overflow. By sending specially crafted XML data, a remote authenticated attacker could exploit this vulnerability to cause the parser to crash, resulting in a denial of service condition.

Denial of Service due to parser crash · CVE-2022-40152

If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial …

CVE-2022-40152

CVE-2022-40152. Public on 2022-09-16. Modified on 2024-02-12. Description. Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks (DOS) if DTD support is enabled. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may ...

CVE-2022-40152

If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack. This vulnerability is only relevant for users making use of the DTD parsing functionality. View details on CVE-2022-40152, including its impact, common weakness ...

Out-of-bounds Write in xstream | CVE-2022-40152 | Snyk

NVD Description. Note: Versions mentioned in the description apply only to the upstream xstream package and not the xstream package as distributed by Centos. Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks (DOS) if DTD support is enabled. If the parser is running on user supplied input, an …

Security Bulletin: IBM ECM Content Management Interoperability …

Vulnerability Details. CVEID: CVE-2022-40152 DESCRIPTION: XStream is vulnerable to a denial of service, caused by a stack-based buffer overflow. By sending specially crafted XML data, a remote authenticated attacker could exploit this vulnerability to cause the parser to crash, resulting in a denial of service condition.

CVE-2022-40152

Security Bulletin: IBM ECM Content Management Interoperability Services (CMIS) woodstox/XStream security vulnerability CVE-2022-40152 2023-05-03 18:35:32 Security Bulletin: IBM Storage Protect Client and IBM Storage Protect for Space Management are vulnerable to denial of service due to CVEs in XStream (woodstox) …

Security Bulletin: IBM QRadar User Behavior Analytics is …

CVEID: CVE-2022-40152 DESCRIPTION: XStream is vulnerable to a denial of service, caused by a stack-based buffer overflow. By sending specially crafted XML data, a remote authenticated attacker could exploit this vulnerability to cause the parser to crash, resulting in a denial of service condition. CVSS Base score: 6.5

NVD

NVD - CVE-2022-40152. Information Technology Laboratory. Vulnerabilities. NOTICE UPDATED - May, 29th 2024. The NVD has a new …

[FP]: CVE-2022-40152 vs stax2-api #5436

That's what the CPE suppression fixes. When you use ODC 8.x it will automatically use the suppression-file hosted on github-pages and you should no longer get the CVE flagged on stax2-api.

Out-of-bounds Write in com.fasterxml.woodstox:woodstox-core

Out-of-bounds Write. CVE-2022-40152. Severity High. Score 7.5/10. Summary. Those using woodstox to serialise XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow.

2134291 – (CVE-2022-40152) CVE-2022-40152 woodstox-core

Bug 2134291 (CVE-2022-40152) - CVE-2022-40152 woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks. Summary: CVE-2022-40152 woodstox-core: woodstox to serialise XML data was vulnerable t... Keywords: Status: CLOSED ERRATA Alias: CVE-2022-40152 Product: Security Response ...

CVE-2022-40152 (High) detected in woodstox-core-6.2.6.jar

CVE-2022-40152 - High Severity Vulnerability Vulnerable Library - woodstox-core-6.2.6.jar Woodstox is a high-performance XML processor that implements Stax (JSR-173), SAX2 and Stax2 APIs Library ho...

CVE-2022-40151 (xstream_project xstream). 2022-09-16. Those using Xstream to serialize XML data may be vulnerable to Denial of Service attacks (DOS). ...

CVE-2022-40152 Report

CVE-2022-40152 is a high-severity vulnerability affecting systems that use the Woodstox XML parser with DTD support enabled. This vulnerability can lead to Denial of Service …

CVE-2022-40152

CVE-2022-40152. Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks (DOS) if DTD support is enabled. If the parser is …

[CVE-2022-40152] CWE-787: Out-of-bounds Write

[CVE-2022-40152] CWE-787: Out-of-bounds Write. Description. Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks (DOS) if DTD support is enabled. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of ...

CVE

Description. Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks (DOS) if DTD support is enabled. If the parser is running on user supplied …

NVD

NVD Analysts use publicly available information to associate vector strings and CVSS scores. We also display any CVSS information provided within the CVE List from the CNA. Note: The NVD and the CNA have provided the same score. When this occurs only the CNA information is displayed, but the Acceptance Level icon for the CNA is given a ...

CVE-2022-40152

Name. CVE-2022-40152. Description. Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks (DOS) if DTD support is enabled. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.

CVE-2022-40152 : Those using Woodstox to parse XML data …

CVE-2022-40152 : Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks (DOS) if DTD support is enabled. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.

NVD

CVE-2022-40150 Detail. Description: Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by Out of memory. This effect may support a denial of service attack.
