admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2022/CVE-2022-401xx/CVE-2022-40151.json
cad-safe-bot e6cbafdc40 Auto-Update: 2024-12-08T03:00:18.988682+00:00
2024-12-08 03:06:42 +00:00

138 lines
4.0 KiB
JSON
Raw Blame History

{
"id": "CVE-2022-40151",
"sourceIdentifier": "cve-coordination@google.com",
"published": "2022-09-16T10:15:09.817",
"lastModified": "2024-11-21T07:20:59.143",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Those using Xstream to seralize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack."
},
{
"lang": "es",
"value": "Los que usan Xstream para seralizar datos XML pueden ser vulnerables a ataques de Denegaci\u00f3n de Servicio (DOS). Si el analizador es ejecutado con la entrada suministrada por el usuario, un atacante puede suministrar contenido que cause el bloqueo del analizador por desbordamiento de pila. Este efecto puede soportar un ataque de denegaci\u00f3n de servicio"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-coordination@google.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "cve-coordination@google.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xstream_project:xstream:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.4.19",
"matchCriteriaId": "A6DDFDA0-5B71-4DEF-98C5-216EE4042401"
}
]
}
]
}
],
"references": [
{
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47367",
"source": "cve-coordination@google.com",
"tags": [
"Exploit",
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://github.com/x-stream/xstream/issues/304",
"source": "cve-coordination@google.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47367",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://github.com/x-stream/xstream/issues/304",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink