Debian Libjettison-Java vulnerabilities

6 known vulnerabilities affecting debian/libjettison-java.

Total CVEs: 6
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 3, MEDIUM 3

Vulnerabilities

CVE-2023-5072 | HIGH | CVSS 7.5 | fixed in libjson-java 3.1.0+dfsg-1 (forky) | 2023
jenkins-json - Denial of Service in JSON-Java versions up to and including 20230618. A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.
Scope: local
bookworm: open; bullseye: open; forky: open; sid: open; trixie: open
debian
CVE-2023-1436 | MEDIUM | CVSS 5.9 | fixed in libjettison-java 1.5.4-1 (forky) | 2023
libjettison-java - An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown.
Scope: local
bookworm: open; bullseye: open; forky: resolved (fixed in 1.5.4-1); sid: resolved (fixed in 1.5.4-1); trixie: resolved (fixed in 1.5.4-1)
debian
CVE-2022-45693 | HIGH | CVSS 7.5 | fixed in libjettison-java 1.5.3-1 (bookworm) | 2022
libjettison-java - Jettison before v1.5.2 was discovered to contain a stack overflow via the map parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.
Scope: local
bookworm: resolved (fixed in 1.5.3-1); bullseye: resolved (fixed in 1.5.3-1~deb11u1); forky: resolved (fixed in 1.5.3-1); sid: resolved (fixed in 1.5.3-1); trixie: reso
debian
CVE-2022-45685 | HIGH | CVSS 7.5 | fixed in libjettison-java 1.5.3-1 (bookworm) | 2022
libjettison-java - A stack overflow in Jettison before v1.5.2 allows attackers to cause a Denial of Service (DoS) via crafted JSON data.
Scope: local
bookworm: resolved (fixed in 1.5.3-1); bullseye: resolved (fixed in 1.5.3-1~deb11u1); forky: resolved (fixed in 1.5.3-1); sid: resolved (fixed in 1.5.3-1); trixie: resolved (fixed in 1.5.3-1)
debian
CVE-2022-40149 | MEDIUM | CVSS 6.5 | fixed in libjettison-java 1.5.1-1 (bookworm) | 2022
libjettison-java - Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.
Scope: local
bookworm: resolved (fixed in 1.5.1-1); bullseye: res
debian
CVE-2022-40150 | MEDIUM | CVSS 6.5 | fixed in libjettison-java 1.5.3-1 (bookworm) | 2022
libjettison-java - Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by Out of memory. This effect may support a denial of service attack.
Scope: local
bookworm: resolved (fixed in 1.5.3-1); bullseye: res
debian