jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
21 Nov 2024, 05:29
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/FasterXML/jackson-databind/issues/2816 - Issue Tracking, Third Party Advisory | |
References | () https://lists.debian.org/debian-lts-announce/2022/05/msg00001.html - Exploit, Mailing List, Third Party Advisory | |
References | () https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html - Mailing List, Third Party Advisory | |
References | () https://security.netapp.com/advisory/ntap-20220506-0004/ - Third Party Advisory | |
References | () https://www.debian.org/security/2022/dsa-5283 - Third Party Advisory | |
References | () https://www.oracle.com/security-alerts/cpuapr2022.html - Third Party Advisory | |
References | () https://www.oracle.com/security-alerts/cpujul2022.html - Third Party Advisory |
Information
Published : 2022-03-11 07:15
Updated : 2024-11-21 05:29
NVD link : CVE-2020-36518
Mitre link : CVE-2020-36518
CVE.ORG link : CVE-2020-36518
JSON object : View
Products Affected
netapp
- oncommand_workflow_automation
- cloud_insights_acquisition_unit
- active_iq_unified_manager
- oncommand_insight
- snap_creator_framework
oracle
- graph_server_and_client
- communications_cloud_native_core_network_repository_function
- communications_billing_and_revenue_management
- primavera_p6_enterprise_project_portfolio_management
- commerce_platform
- financial_services_trade-based_anti_money_laundering
- weblogic_server
- communications_cloud_native_core_service_communication_proxy
- spatial_studio
- communications_cloud_native_core_binding_support_function
- utilities_framework
- communications_cloud_native_core_security_edge_protection_proxy
- communications_cloud_native_core_unified_data_repository
- sd-wan_edge
- financial_services_behavior_detection_platform
- financial_services_enterprise_case_management
- big_data_spatial_and_graph
- global_lifecycle_management_nextgen_oui_framework
- financial_services_analytical_applications_infrastructure
- primavera_gateway
- communications_cloud_native_core_console
- communications_cloud_native_core_network_slice_selection_function
- global_lifecycle_management_opatch
- primavera_unifier
- retail_sales_audit
- financial_services_crime_and_compliance_management_studio
- coherence
- health_sciences_empirica_signal
- peoplesoft_enterprise_peopletools
fasterxml
- jackson-databind
debian
- debian_linux
CWE
CWE-787
Out-of-bounds Write