XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream when XStream is configured to use the BinaryStreamDriver. XStream 1.4.21 has been patched to detect the manipulation in the binary input stream causing the the stack overflow and raises an InputManipulationException instead. Users are advised to upgrade. Users unable to upgrade may catch the StackOverflowError in the client code calling XStream if XStream is configured to use the BinaryStreamDriver.
Metrics
Affected Vendors & Products
References
History
Tue, 26 Nov 2024 06:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat
Redhat jboss Data Grid |
|
CPEs | cpe:/a:redhat:jboss_data_grid:8 | |
Vendors & Products |
Redhat
Redhat jboss Data Grid |
Sat, 09 Nov 2024 01:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
| |
Metrics |
threat_severity
|
threat_severity
|
Fri, 08 Nov 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
X-stream
X-stream x-stream |
|
CPEs | cpe:2.3:a:x-stream:x-stream:*:*:*:*:*:*:*:* | |
Vendors & Products |
X-stream
X-stream x-stream |
|
Metrics |
ssvc
|
Fri, 08 Nov 2024 00:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream when XStream is configured to use the BinaryStreamDriver. XStream 1.4.21 has been patched to detect the manipulation in the binary input stream causing the the stack overflow and raises an InputManipulationException instead. Users are advised to upgrade. Users unable to upgrade may catch the StackOverflowError in the client code calling XStream if XStream is configured to use the BinaryStreamDriver. | |
Title | XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream | |
Weaknesses | CWE-121 CWE-502 |
|
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-11-07T23:38:52.978Z
Updated: 2024-11-08T15:20:08.949Z
Reserved: 2024-09-17T17:42:37.029Z
Link: CVE-2024-47072
Vulnrichment
Updated: 2024-11-08T15:19:32.931Z
NVD
Status : Awaiting Analysis
Published: 2024-11-08T00:15:14.937
Modified: 2024-11-08T19:01:03.880
Link: CVE-2024-47072
Redhat