PT-2022-4626 · Xstream+3

Published 2022-02-01 · Updated 2025-05-27 · CVE-2021-43859

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: XStream versions prior to 1.4.19

Description: The issue is an uncontrolled resource consumption flaw in the XStream Java library that a remote attacker can exploit to cause a denial of service. Manipulating the input stream that XStream processes can drive CPU usage on the target system to 100%. XStream is the library's facility for serializing Java objects to XML and deserializing them back; the affected code path is the deserialization of input XML.

Recommendations: For versions prior to 1.4.19, upgrade to 1.4.19 or later as soon as possible. As a temporary workaround, users who cannot upgrade should set XStream's NO_REFERENCES mode, which prevents the recursion the attack relies on.
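The workaround above applied in code, as an added example that is not part of this advisory or of the XStream project. It assumes an XStream 1.4.x build on the classpath; the class names HardenedXStream and Person and the input-size limit are illustrative choices of this example. It goes one step beyond the page's workaround by also restricting deserialization to an explicit allow-list of types, which is XStream's own documented defence against the "Deserialization of Untrusted Data" weakness this record is tagged with.

```java
// Added example (not XStream project code): a hardened XStream setup for
// services that still run a version before 1.4.19.
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.XStreamException;
import com.thoughtworks.xstream.security.NoTypePermission;
import com.thoughtworks.xstream.security.NullPermission;
import com.thoughtworks.xstream.security.PrimitiveTypePermission;

public final class HardenedXStream {

    // Illustrative cap on untrusted input; tune to the documents you expect.
    private static final int MAX_INPUT_CHARS = 1 << 20;

    private HardenedXStream() {}

    /** Builds an XStream instance with the advisory's workaround applied. */
    public static XStream create(Class<?>... allowedTypes) {
        XStream xstream = new XStream();

        // Advisory workaround: NO_REFERENCES switches off the id/xpath
        // back-reference handling, so a crafted document cannot drive the
        // recursive reference resolution that exhausts CPU on pre-1.4.19 builds.
        xstream.setMode(XStream.NO_REFERENCES);

        // Defence in depth (beyond the advisory): clear every default
        // permission, then allow only null, primitives and the caller's types.
        // Untrusted XML must not be able to name arbitrary classes.
        xstream.addPermission(NoTypePermission.NONE);
        xstream.addPermission(NullPermission.NULL);
        xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
        xstream.allowTypes(new Class[] { String.class });
        xstream.allowTypes(allowedTypes);
        return xstream;
    }

    /**
     * Deserializes untrusted XML. A forbidden type, malformed input, or (on
     * 1.4.19+) the library's own CPU-time guard all surface as XStreamException,
     * which the caller should treat as a rejected request, not retry.
     */
    public static Object parse(XStream xstream, String xml) {
        if (xml == null || xml.length() > MAX_INPUT_CHARS) {
            throw new IllegalArgumentException("input missing or too large");
        }
        return xstream.fromXML(xml);
    }

    /** Constructed sample type for the demonstration below. */
    public static final class Person {
        String name;
        int age;

        Person(String name, int age) {
            this.name = name;
            this.age = age;
        }
    }

    public static void main(String[] args) {
        XStream xstream = create(Person.class);
        xstream.alias("person", Person.class);

        // Round trip of a trusted object: NO_REFERENCES mode emits no
        // id="" or reference="" attributes, so the XML is a plain tree.
        Person alice = new Person("alice", 30);
        String xml = xstream.toXML(alice);
        Person back = (Person) parse(xstream, xml);
        System.out.println(xml);
        System.out.println("round trip: " + back.name + " " + back.age);

        // Constructed untrusted input naming a type that is not allow-listed:
        // XStream refuses to instantiate it and throws instead.
        String unlisted = "<java.util.HashMap/>";
        try {
            parse(xstream, unlisted);
            System.out.println("unexpected: unlisted type was accepted");
        } catch (XStreamException e) {
            System.out.println("rejected: " + e.getClass().getSimpleName());
        }
    }
}
```

One caveat worth checking before rolling the workaround out: NO_REFERENCES also changes marshalling. An object that is referenced twice in a graph is written out twice, and a cyclic graph cannot be serialized at all (XStream throws a CircularReferenceException), so verify that your own output models are trees before switching modes in production.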

Exploit · Fix · DoS · Deserialization of Untrusted Data · Resource Exhaustion

Weakness Enumeration

Related Identifiers

ALT-PU-2022-7660
BDU:2022-05508
BIT-JENKINS-2021-43859
CVE-2021-43859
DLA-2924-1
DLA-4001-1
GHSA-RMR5-CPV2-VGJF
OESA-2022-1512
OESA-2022-2066
OPENSUSE-SU-2022:0817-1
OPENSUSE-SU-2022_0817-1
OPENSUSE-SU-2024:11809-1
RHSA-2022:1420
SUSE-SU-2022:0817-1
SUSE-SU-2022_0817-1

Affected Products

Alt Linux
Jenkins
Suse
Xstream