High severity7.5NVD Advisory· Published Apr 29, 2017· Updated Jun 17, 2026
CVE-2017-7957
CVE-2017-7957
Description
XStream through 1.4.9, when a certain denyTypes workaround is not used, mishandles attempts to create an instance of the primitive type 'void' during unmarshalling, leading to a remote application crash, as demonstrated by an xstream.fromXML("") call.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
com.thoughtworks.xstream:xstreamMaven | < 1.4.10 | 1.4.10 |
Affected products
31- ghsa-coords31 versionspkg:maven/com.thoughtworks.xstream/xstreampkg:rpm/opensuse/xstream&distro=openSUSE%20Tumbleweedpkg:rpm/suse/apache-commons-lang3&distro=SUSE%20Manager%20Server%203.2pkg:rpm/suse/cobbler&distro=SUSE%20Manager%20Server%203.2pkg:rpm/suse/drools&distro=SUSE%20Manager%20Server%203.2pkg:rpm/suse/guava&distro=SUSE%20Manager%20Server%203.2pkg:rpm/suse/jade4j&distro=SUSE%20Manager%20Server%203.2pkg:rpm/suse/kie-api&distro=SUSE%20Manager%20Server%203.2pkg:rpm/suse/kie-soup&distro=SUSE%20Manager%20Server%203.2pkg:rpm/suse/optaplanner&distro=SUSE%20Manager%20Server%203.2pkg:rpm/suse/py26-compat-salt&distro=SUSE%20Manager%20Server%203.2pkg:rpm/suse/reprepro&distro=SUSE%20Manager%20Server%203.2pkg:rpm/suse/smdba&distro=SUSE%20Manager%20Server%203.2pkg:rpm/suse/spacecmd&distro=SUSE%20Manager%20Server%203.2pkg:rpm/suse/spacewalk-admin&distro=SUSE%20Manager%20Server%203.2pkg:rpm/suse/spacewalk-backend&distro=SUSE%20Manager%20Proxy%203.2pkg:rpm/suse/spacewalk-backend&distro=SUSE%20Manager%20Server%203.2pkg:rpm/suse/spacewalk-branding&distro=SUSE%20Manager%20Server%203.2pkg:rpm/suse/spacewalk-certs-tools&distro=SUSE%20Manager%20Proxy%203.2pkg:rpm/suse/spacewalk-certs-tools&distro=SUSE%20Manager%20Server%203.2pkg:rpm/suse/spacewalk-java&distro=SUSE%20Manager%20Server%203.2pkg:rpm/suse/spacewalk-web&distro=SUSE%20Manager%20Proxy%203.2pkg:rpm/suse/spacewalk-web&distro=SUSE%20Manager%20Server%203.2pkg:rpm/suse/subscription-matcher&distro=SUSE%20Manager%20Server%203.2pkg:rpm/suse/susemanager&distro=SUSE%20Manager%20Server%203.2pkg:rpm/suse/susemanager-schema&distro=SUSE%20Manager%20Server%203.2pkg:rpm/suse/susemanager-sls&distro=SUSE%20Manager%20Server%203.2pkg:rpm/suse/susemanager-sync-data&distro=SUSE%20Manager%20Server%203.2pkg:rpm/suse/xstream&distro=SUSE%20Manager%20Server%203.0pkg:rpm/suse/xstream&distro=SUSE%20Manager%20Server%203.1pkg:rpm/suse/xstream&distro=SUSE%20Manager%20Server%203.2
< 1.4.10+ 30 more
- (no CPE)range: < 1.4.10
- (no CPE)range: < 1.4.18-1.1
- (no CPE)range: < 3.4-3.3.3
- (no CPE)range: < 2.6.6-6.16.3
- (no CPE)range: < 7.17.0-3.3.3
- (no CPE)range: < 27.0.1-3.3.3
- (no CPE)range: < 1.0.7-3.3.3
- (no CPE)range: < 7.17.0-3.3.3
- (no CPE)range: < 7.17.0.Final-2.3.3
- (no CPE)range: < 7.17.0-3.3.3
- (no CPE)range: < 2016.11.10-6.21.3
- (no CPE)range: < 5.3.0-2.3.3
- (no CPE)range: < 1.6.4-0.3.9.3
- (no CPE)range: < 2.8.25.10-3.20.3
- (no CPE)range: < 2.8.4.4-3.6.3
- (no CPE)range: < 2.8.57.14-3.25.3
- (no CPE)range: < 2.8.57.14-3.25.3
- (no CPE)range: < 2.8.5.15-3.19.3
- (no CPE)range: < 2.8.8.7-3.6.3
- (no CPE)range: < 2.8.8.7-3.6.3
- (no CPE)range: < 2.8.78.21-3.29.1
- (no CPE)range: < 2.8.7.15-3.24.3
- (no CPE)range: < 2.8.7.15-3.24.3
- (no CPE)range: < 0.23-4.12.3
- (no CPE)range: < 3.2.17-3.22.4
- (no CPE)range: < 3.2.18-3.22.3
- (no CPE)range: < 3.2.23-3.26.3
- (no CPE)range: < 3.2.14-3.20.3
- (no CPE)range: < 1.4.9-4.3.1
- (no CPE)range: < 1.4.9-3.3.1
- (no CPE)range: < 1.4.10-4.3.3
Patches
Vulnerability mechanics
References
14- www.debian.org/security/2017/dsa-3841nvdMailing ListThird Party AdvisoryWEB
- www.securityfocus.com/bid/100687nvdBroken LinkThird Party AdvisoryVDB EntryWEB
- www.securitytracker.com/id/1039499nvdBroken LinkThird Party AdvisoryVDB EntryWEB
- x-stream.github.io/CVE-2017-7957.htmlnvdVendor AdvisoryWEB
- access.redhat.com/errata/RHSA-2017:1832nvdThird Party AdvisoryWEB
- access.redhat.com/errata/RHSA-2017:2888nvdThird Party AdvisoryWEB
- access.redhat.com/errata/RHSA-2017:2889nvdThird Party AdvisoryWEB
- exchange.xforce.ibmcloud.com/vulnerabilities/125800nvdThird Party AdvisoryVDB EntryWEB
- github.com/advisories/GHSA-7hwc-46rm-65jhghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2017-7957ghsaADVISORY
- github.com/x-stream/xstream/commit/6e546ec366419158b1e393211be6d78ab9604abghsaWEB
- github.com/x-stream/xstream/commit/8542d02d9ac5d384c85f4b33d6c1888c53bd55dghsaWEB
- github.com/x-stream/xstream/commit/b3570be2f39234e61f99f9a20640756ea71b1b4ghsaWEB
- www-prd-trops.events.ibm.com/node/715749nvdBroken LinkPermissions RequiredWEB
News mentions
0No linked articles in our index yet.