PT-2022-25245 · Jettison+4 · Jettison+4

Published

2022-09-16

Updated

2024-06-15

CVE-2022-40149

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Jettison (affected versions not specified)

Description The issue affects those using Jettison to parse untrusted XML or JSON data, making them vulnerable to Denial of Service attacks. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash by stackoverflow, potentially supporting a denial of service attack.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Stack Overflow

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-121CWE-787

Related Identifiers

CVE-2022-40149

DLA-3184-1

DSA-5312-1

GHSA-56H3-78GP-V83R

GHSA-XQCQ-J8W9-3PXV

OESA-2023-1914

OESA-2023-1965

OPENSUSE-SU-2024:12388-1

RHSA-2023:0552

RHSA-2023:0553

RHSA-2023:0554

RHSA-2023:1043

RHSA-2023:1044

RHSA-2023:1045

RHSA-2023:3610

RHSA-2023:3663

RHSA-2025:4226

RHSA-2025:4437

USN-6177-1

Affected Products

Astra Linux

Jettison

Jira

Linuxmint

Ubuntu

PT-2022-25245 · Jettison+4 · Jettison+4

CVE-2022-40149

Weakness Enumeration

Related Identifiers

Affected Products

References · 41