CVE-2018-7525
published 2018-03-21
CVE-2018-7525: In Omron CX-Supervisor Versions 3.30 and prior, processing a malformed packet by a certain executable may cause an untrusted pointer dereference vulnerability.
Priority P4 · 21 · medium · 5.3 CVSS 3.0
AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS 0.35% · 26.7th percentile
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ics-cert | omron_cx-supervisor | — | — |
| omron | cx-supervisor | <= 3.30 | — |
CVSS provenance
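| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 5.3 | MEDIUM | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
| nvd | v2.0 | 4.6 | MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
| ghsa | — | 9.8 | CRITICAL | — |
| vendor_redhat | — | 9.8 | CRITICAL | — |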
GHSA
Deserialization of Untrusted Data in org.codehaus.jackson:jackson-mapper-asl
ghsa·2022-05-24·CVSS 9.8
CVE-2019-10202 [CRITICAL] CWE-502 Deserialization of Untrusted Data in org.codehaus.jackson:jackson-mapper-asl
A series of deserialization vulnerabilities have been discovered in Codehaus 1.9.x implemented in EAP 7. This CVE fixes CVE-2017-17485, CVE-2017-7525, CVE-2017-15095, CVE-2018-5968, CVE-2018-7489, CVE-2018-1000873, CVE-2019-12086 reported for FasterXML jackson-databind by implementing a whitelist approach that will mitigate these vulnerabilities and future ones alike.
GHSA
GHSA-f975-788f-chx9: In Omron CX-Supervisor Versions 3
ghsa_unreviewed·2022-05-13
CVE-2018-7525 [MEDIUM] CWE-476 GHSA-f975-788f-chx9: In Omron CX-Supervisor Versions 3
In Omron CX-Supervisor Versions 3.30 and prior, processing a malformed packet by a certain executable may cause an untrusted pointer dereference vulnerability.
GHSA
Deserialization of Untrusted Data in jackson-databind
ghsa·2020-06-30·CVSS 9.8
CVE-2018-5968 [CRITICAL] CWE-184 Deserialization of Untrusted Data in jackson-databind
FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist.
GHSA
FasterXML jackson-databind allows unauthenticated remote code execution
ghsa·2018-10-16·CVSS 9.8
CVE-2018-7489 [CRITICAL] CWE-184 FasterXML jackson-databind allows unauthenticated remote code execution
FasterXML jackson-databind before 2.6.7.5, 2.7.x before 2.7.9.3, 2.8.x before 2.8.11.1, and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath.
Red Hat
codehaus: incomplete fix for unsafe deserialization in jackson-databind vulnerabilities
vendor_redhat·2019-09-30·CVSS 9.8
CVE-2019-10202 [CRITICAL] CWE-502 codehaus: incomplete fix for unsafe deserialization in jackson-databind vulnerabilities
A series of deserialization vulnerabilities have been discovered in Codehaus 1.9.x implemented in EAP 7. This CVE fixes CVE-2017-17485, CVE-2017-7525, CVE-2017-15095, CVE-2018-5968, CVE-2018-7489, CVE-2018-1000873, CVE-2019-12086 reported for FasterXML jackson-databind by implementing a whitelist approach that will mitigate these vulnerabilities and future ones alike.
Package: codehaus (Red Hat BPM Suite 6) - Out of support scope
Package: codehaus (Red Hat Decision Manager 7) - Not affected
Package: codehaus (Red Hat JBoss A-MQ 6) - Out of support scope
Package: codehaus (Red Hat JBoss BRMS 5) - Out of support scope
Package: codehaus (Red Hat JBoss BRMS 6) - Out of support scope
Package: codehaus
CISA ICS
Omron CX-Supervisor (Update A)
cisa_ics·2018-03-13·CVSS 5.3
[MEDIUM] Omron CX-Supervisor (Update A)
ICS Advisory
## Omron CX-Supervisor (Update A)
Last Revised: December 20, 2018
Alert Code: ICSA-18-072-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 5.3
- ATTENTION: Low skill level to exploit
- Vendor: Omron
- Equipment: CX-Supervisor
- Vulnerabilities: Stack-based Buffer Overflow, Use After Free, Access of Uninitialized Pointer, Double Free, Out-of-bounds Write, Untrusted Pointer Dereference, Heap-based Buffer Overflow.
## 2. UPDATE INFORMATION
This updated advisory is a follow-up to the original advisory titled ICSA-18-072-01 Omron CX-Supervisor that was published March 13, 2018, on the NCCIC/ICS-C
Red Hat
jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries
vendor_redhat·2018-02-26·CVSS 9.8
CVE-2018-7489 [CRITICAL] CWE-20 jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries
FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath.
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the c3p0 gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id
Red Hat
jackson-databind: unsafe deserialization due to incomplete blacklist (incomplete fix for CVE-2017-7525 and CVE-2017-17485)
vendor_redhat·2018-01-18·CVSS 9.8
CVE-2018-5968 [CRITICAL] CWE-502 jackson-databind: unsafe deserialization due to incomplete blacklist (incomplete fix for CVE-2017-7525 and CVE-2017-17485)
FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist.
A deserialization flaw was discovered in jackson-databind that could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaws CVE-2017-7525 and CVE-2017-17485 by blacklisting more classes that could be used maliciously.
Statement: JBoss EAP 7.x only uses the vulnerable Ja
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2018-5968 jackson-databind: unsafe deserialization due to incomplete blacklist (incomplete fix for CVE-2017-7525 and CVE-2017-17485) [fedora-all]
bugzilla·2018-01-24·CVSS 9.8
CVE-2018-5968 [CRITICAL] CVE-2018-5968 jackson-databind: unsafe deserialization due to incomplete blacklist (incomplete fix for CVE-2017-7525 and CVE-2017-17485) [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedp
Bugzilla
CVE-2018-5968 jackson-databind: unsafe deserialization due to incomplete blacklist (incomplete fix for CVE-2017-7525 and CVE-2017-17485)
bugzilla·2018-01-24·CVSS 9.8
CVE-2018-5968 [CRITICAL] CVE-2018-5968 jackson-databind: unsafe deserialization due to incomplete blacklist (incomplete fix for CVE-2017-7525 and CVE-2017-17485)
A flaw was found in FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 which allows unauthenticated remote code execution due to an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist.
References:
https://github.com/FasterXML/jackson-databind/issues/1899
Patch:
https://github.com/FasterXML/jackson-databind/commit/038b471e2efde2e8f96b4e0be958d3e5a1ff1d05
Discussion:
Created jackson-databind tracking bugs for this issue:
Affects: fedora-all [bug 1538333]
---
Reduced to moderate after internal discussions about ratings on flaws versus ratin