CVE-2020-36518

jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:oracle:big_data_spatial_and_graph:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:commerce_platform:11.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:commerce_platform:11.3.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:commerce_platform:11.3.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_billing_and_revenue_management:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_enterprise_case_management:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.7.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.7.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.8.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.8.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering:8.0.7:*:*:*:enterprise:*:*:*
cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering:8.0.8:*:*:*:enterprise:*:*:*
cpe:2.3:a:oracle:global_lifecycle_management_nextgen_oui_framework:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:global_lifecycle_management_nextgen_oui_framework:13.9.4.2.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:graph_server_and_client:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:health_sciences_empirica_signal:9.1.0.5.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:18.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_sales_audit:15.0.3.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:sd-wan_edge:9.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:spatial_studio:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:utilities_framework:4.3.0.5.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:utilities_framework:4.3.0.6.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:utilities_framework:4.4.0.5.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*

History

21 Nov 2024, 05:29

Type Values Removed Values Added
References () https://github.com/FasterXML/jackson-databind/issues/2816 - Issue Tracking, Third Party Advisory () https://github.com/FasterXML/jackson-databind/issues/2816 - Issue Tracking, Third Party Advisory
References () https://lists.debian.org/debian-lts-announce/2022/05/msg00001.html - Exploit, Mailing List, Third Party Advisory () https://lists.debian.org/debian-lts-announce/2022/05/msg00001.html - Exploit, Mailing List, Third Party Advisory
References () https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html - Mailing List, Third Party Advisory () https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html - Mailing List, Third Party Advisory
References () https://security.netapp.com/advisory/ntap-20220506-0004/ - Third Party Advisory () https://security.netapp.com/advisory/ntap-20220506-0004/ - Third Party Advisory
References () https://www.debian.org/security/2022/dsa-5283 - Third Party Advisory () https://www.debian.org/security/2022/dsa-5283 - Third Party Advisory
References () https://www.oracle.com/security-alerts/cpuapr2022.html - Third Party Advisory () https://www.oracle.com/security-alerts/cpuapr2022.html - Third Party Advisory
References () https://www.oracle.com/security-alerts/cpujul2022.html - Third Party Advisory () https://www.oracle.com/security-alerts/cpujul2022.html - Third Party Advisory

Information

Published : 2022-03-11 07:15

Updated : 2024-11-21 05:29


NVD link : CVE-2020-36518

Mitre link : CVE-2020-36518

CVE.ORG link : CVE-2020-36518


JSON object : View

Products Affected

netapp

  • oncommand_workflow_automation
  • cloud_insights_acquisition_unit
  • active_iq_unified_manager
  • oncommand_insight
  • snap_creator_framework

oracle

  • graph_server_and_client
  • communications_cloud_native_core_network_repository_function
  • communications_billing_and_revenue_management
  • primavera_p6_enterprise_project_portfolio_management
  • commerce_platform
  • financial_services_trade-based_anti_money_laundering
  • weblogic_server
  • communications_cloud_native_core_service_communication_proxy
  • spatial_studio
  • communications_cloud_native_core_binding_support_function
  • utilities_framework
  • communications_cloud_native_core_security_edge_protection_proxy
  • communications_cloud_native_core_unified_data_repository
  • sd-wan_edge
  • financial_services_behavior_detection_platform
  • financial_services_enterprise_case_management
  • big_data_spatial_and_graph
  • global_lifecycle_management_nextgen_oui_framework
  • financial_services_analytical_applications_infrastructure
  • primavera_gateway
  • communications_cloud_native_core_console
  • communications_cloud_native_core_network_slice_selection_function
  • global_lifecycle_management_opatch
  • primavera_unifier
  • retail_sales_audit
  • financial_services_crime_and_compliance_management_studio
  • coherence
  • health_sciences_empirica_signal
  • peoplesoft_enterprise_peopletools

fasterxml

  • jackson-databind

debian

  • debian_linux
CWE
CWE-787

Out-of-bounds Write