High severityNVD Advisory· Published Feb 18, 2021· Updated Sep 16, 2024
Denial of Service (DoS)
CVE-2020-28491
Description
This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
com.fasterxml.jackson.dataformat:jackson-dataformat-cborMaven | >= 2.8.0rc1, < 2.11.4 | 2.11.4 |
com.fasterxml.jackson.dataformat:jackson-dataformat-cborMaven | >= 2.12.0rc1, < 2.12.1 | 2.12.1 |
Affected products
63- com.fasterxml.jackson.dataformat/jackson-dataformat-cbordescription
- ghsa-coords62 versionspkg:maven/com.fasterxml.jackson.dataformat/jackson-dataformat-cborpkg:rpm/opensuse/jackson-annotations&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/jackson-annotations&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/jackson-bom&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/jackson-bom&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/jackson-core&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/jackson-core&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/jackson-databind&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/jackson-databind&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/jackson-dataformats-binary&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/jackson-dataformats-binary&distro=openSUSE%20Leap%2015.4pkg:rpm/suse/jackson-annotations&distro=SUSE%20Enterprise%20Storage%207pkg:rpm/suse/jackson-annotations&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOSpkg:rpm/suse/jackson-annotations&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/jackson-annotations&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3pkg:rpm/suse/jackson-annotations&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4pkg:rpm/suse/jackson-annotations&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP3pkg:rpm/suse/jackson-annotations&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP2pkg:rpm/suse/jackson-annotations&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-BCLpkg:rpm/suse/jackson-annotations&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/jackson-annotations&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/jackson-annotations&distro=SUSE%20Manager%20Proxy%204.1pkg:rpm/suse/jackson-annotations&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1pkg:rpm/suse/jackson-annotations&distro=SUSE%20Manager%20Server%204.1pkg:rpm/suse/jackson-core&distro=SUSE%20Enterprise%20Storage%207pkg:rpm/suse/jackson-core&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOSpkg:rpm/suse/jackson-core&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/jackson-core&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3pkg:rpm/suse/jackson-core&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4pkg:rpm/suse/jackson-core&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP3pkg:rpm/suse/jackson-core&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP2pkg:rpm/suse/jackson-core&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-BCLpkg:rpm/suse/jackson-core&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/jackson-core&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/jackson-core&distro=SUSE%20Manager%20Proxy%204.1pkg:rpm/suse/jackson-core&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1pkg:rpm/suse/jackson-core&distro=SUSE%20Manager%20Server%204.1pkg:rpm/suse/jackson-databind&distro=SUSE%20Enterprise%20Storage%207pkg:rpm/suse/jackson-databind&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOSpkg:rpm/suse/jackson-databind&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/jackson-databind&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3pkg:rpm/suse/jackson-databind&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4pkg:rpm/suse/jackson-databind&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP3pkg:rpm/suse/jackson-databind&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP2pkg:rpm/suse/jackson-databind&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-BCLpkg:rpm/suse/jackson-databind&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/jackson-databind&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/jackson-databind&distro=SUSE%20Manager%20Proxy%204.1pkg:rpm/suse/jackson-databind&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1pkg:rpm/suse/jackson-databind&distro=SUSE%20Manager%20Server%204.1pkg:rpm/suse/jackson-dataformats-binary&distro=SUSE%20Enterprise%20Storage%207pkg:rpm/suse/jackson-dataformats-binary&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOSpkg:rpm/suse/jackson-dataformats-binary&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/jackson-dataformats-binary&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP3pkg:rpm/suse/jackson-dataformats-binary&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP4pkg:rpm/suse/jackson-dataformats-binary&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP2pkg:rpm/suse/jackson-dataformats-binary&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-BCLpkg:rpm/suse/jackson-dataformats-binary&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/jackson-dataformats-binary&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/jackson-dataformats-binary&distro=SUSE%20Manager%20Proxy%204.1pkg:rpm/suse/jackson-dataformats-binary&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1pkg:rpm/suse/jackson-dataformats-binary&distro=SUSE%20Manager%20Server%204.1
>= 2.8.0rc1, < 2.11.4+ 61 more
- (no CPE)range: >= 2.8.0rc1, < 2.11.4
- (no CPE)range: < 2.13.0-150200.3.6.1
- (no CPE)range: < 2.13.0-150200.3.6.1
- (no CPE)range: < 2.13.0-150200.3.3.1
- (no CPE)range: < 2.13.0-150200.3.3.1
- (no CPE)range: < 2.13.0-150200.3.6.1
- (no CPE)range: < 2.13.0-150200.3.6.1
- (no CPE)range: < 2.13.0-150200.3.9.1
- (no CPE)range: < 2.13.0-150200.3.9.1
- (no CPE)range: < 2.13.0-150200.3.3.3
- (no CPE)range: < 2.13.0-150200.3.3.3
- (no CPE)range: < 2.13.0-150200.3.6.1
- (no CPE)range: < 2.13.0-150200.3.6.1
- (no CPE)range: < 2.13.0-150200.3.6.1
- (no CPE)range: < 2.13.0-150200.3.6.1
- (no CPE)range: < 2.13.0-150200.3.6.1
- (no CPE)range: < 2.13.0-150200.3.6.1
- (no CPE)range: < 2.13.0-150200.3.6.1
- (no CPE)range: < 2.13.0-150200.3.6.1
- (no CPE)range: < 2.13.0-150200.3.6.1
- (no CPE)range: < 2.13.0-150200.3.6.1
- (no CPE)range: < 2.13.0-150200.3.6.1
- (no CPE)range: < 2.13.0-150200.3.6.1
- (no CPE)range: < 2.13.0-150200.3.6.1
- (no CPE)range: < 2.13.0-150200.3.6.1
- (no CPE)range: < 2.13.0-150200.3.6.1
- (no CPE)range: < 2.13.0-150200.3.6.1
- (no CPE)range: < 2.13.0-150200.3.6.1
- (no CPE)range: < 2.13.0-150200.3.6.1
- (no CPE)range: < 2.13.0-150200.3.6.1
- (no CPE)range: < 2.13.0-150200.3.6.1
- (no CPE)range: < 2.13.0-150200.3.6.1
- (no CPE)range: < 2.13.0-150200.3.6.1
- (no CPE)range: < 2.13.0-150200.3.6.1
- (no CPE)range: < 2.13.0-150200.3.6.1
- (no CPE)range: < 2.13.0-150200.3.6.1
- (no CPE)range: < 2.13.0-150200.3.6.1
- (no CPE)range: < 2.13.0-150200.3.9.1
- (no CPE)range: < 2.13.0-150200.3.9.1
- (no CPE)range: < 2.13.0-150200.3.9.1
- (no CPE)range: < 2.13.0-150200.3.9.1
- (no CPE)range: < 2.13.0-150200.3.9.1
- (no CPE)range: < 2.13.0-150200.3.9.1
- (no CPE)range: < 2.13.0-150200.3.9.1
- (no CPE)range: < 2.13.0-150200.3.9.1
- (no CPE)range: < 2.13.0-150200.3.9.1
- (no CPE)range: < 2.13.0-150200.3.9.1
- (no CPE)range: < 2.13.0-150200.3.9.1
- (no CPE)range: < 2.13.0-150200.3.9.1
- (no CPE)range: < 2.13.0-150200.3.9.1
- (no CPE)range: < 2.13.0-150200.3.3.3
- (no CPE)range: < 2.13.0-150200.3.3.3
- (no CPE)range: < 2.13.0-150200.3.3.3
- (no CPE)range: < 2.13.0-150200.3.3.3
- (no CPE)range: < 2.13.0-150200.3.3.3
- (no CPE)range: < 2.13.0-150200.3.3.3
- (no CPE)range: < 2.13.0-150200.3.3.3
- (no CPE)range: < 2.13.0-150200.3.3.3
- (no CPE)range: < 2.13.0-150200.3.3.3
- (no CPE)range: < 2.13.0-150200.3.3.3
- (no CPE)range: < 2.13.0-150200.3.3.3
- (no CPE)range: < 2.13.0-150200.3.3.3
Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-xmc8-26q4-qjhxghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-28491ghsaADVISORY
- github.com/FasterXML/jackson-dataformats-binary/commit/3d7de83423f8f68f8e9a0c8250084e11818544c7ghsaWEB
- github.com/FasterXML/jackson-dataformats-binary/commit/de072d314af8f5f269c8abec6930652af67bc8e6ghsax_refsource_MISCWEB
- github.com/FasterXML/jackson-dataformats-binary/issues/186ghsax_refsource_MISCWEB
- snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONDATAFORMAT-1047329ghsax_refsource_MISCWEB
- www.oracle.com/security-alerts/cpujul2022.htmlghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.