Moderate severityNVD Advisory· Published Sep 16, 2022· Updated Apr 21, 2025
Stack Buffer Overflow in Woodstox
CVE-2022-40152
Description
Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks (DOS) if DTD support is enabled. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
com.fasterxml.woodstox:woodstox-coreMaven | >= 6.0.0, < 6.4.0 | 6.4.0 |
com.fasterxml.woodstox:woodstox-coreMaven | < 5.4.0 | 5.4.0 |
Affected products
71- osv-coords70 versionspkg:apk/chainguard/druidpkg:apk/chainguard/druid-compatpkg:apk/chainguard/sonarqubepkg:apk/chainguard/sonarqube-10pkg:apk/chainguard/sonarqube-10-docker-compatpkg:apk/chainguard/sonarqube-10-scriptspkg:apk/chainguard/sonarqube-docker-compatpkg:apk/chainguard/sonarqube-scriptspkg:apk/chainguard/spark-3.5pkg:apk/chainguard/spark-3.5-scala-2.12pkg:apk/chainguard/spark-3.5-scala-2.12-compatpkg:apk/chainguard/spark-3.5-scala-2.12-iamguarded-compatpkg:apk/chainguard/spark-3.5-scala-2.13pkg:apk/chainguard/spark-3.5-scala-2.13-compatpkg:apk/wolfi/druidpkg:apk/wolfi/druid-compatpkg:apk/wolfi/sonarqubepkg:apk/wolfi/sonarqube-10pkg:apk/wolfi/sonarqube-10-docker-compatpkg:apk/wolfi/sonarqube-10-scriptspkg:apk/wolfi/sonarqube-docker-compatpkg:apk/wolfi/sonarqube-scriptspkg:apk/wolfi/spark-3.5pkg:apk/wolfi/spark-3.5-scala-2.12pkg:apk/wolfi/spark-3.5-scala-2.12-compatpkg:apk/wolfi/spark-3.5-scala-2.12-iamguarded-compatpkg:apk/wolfi/spark-3.5-scala-2.13pkg:apk/wolfi/spark-3.5-scala-2.13-compatpkg:maven/com.fasterxml.woodstox/woodstox-corepkg:rpm/suse/cobbler&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/drools&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/grafana-formula&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/inter-server-sync&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/mgr-osad&distro=SUSE%20Manager%20Proxy%20Module%204.2pkg:rpm/suse/mgr-osad&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/prometheus-formula&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/py27-compat-salt&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/rhnlib&distro=SUSE%20Manager%20Proxy%20Module%204.2pkg:rpm/suse/rhnlib&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/saltboot-formula&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/salt-netapi-client&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/smdba&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/spacecmd&distro=SUSE%20Manager%20Proxy%20Module%204.2pkg:rpm/suse/spacecmd&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/spacewalk-admin&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/spacewalk-backend&distro=SUSE%20Manager%20Proxy%20Module%204.2pkg:rpm/suse/spacewalk-backend&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/spacewalk-certs-tools&distro=SUSE%20Manager%20Proxy%20Module%204.2pkg:rpm/suse/spacewalk-certs-tools&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/spacewalk-client-tools&distro=SUSE%20Manager%20Proxy%20Module%204.2pkg:rpm/suse/spacewalk-client-tools&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/spacewalk-java&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/spacewalk-proxy&distro=SUSE%20Manager%20Proxy%20Module%204.2pkg:rpm/suse/spacewalk-proxy-installer&distro=SUSE%20Manager%20Proxy%20Module%204.2pkg:rpm/suse/spacewalk-search&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/spacewalk-web&distro=SUSE%20Manager%20Proxy%20Module%204.2pkg:rpm/suse/spacewalk-web&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/supportutils-plugin-susemanager&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/susemanager-build-keys&distro=SUSE%20Manager%20Proxy%20Module%204.2pkg:rpm/suse/susemanager-build-keys&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/susemanager&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/susemanager-doc-indexes&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/susemanager-docs_en&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/susemanager-schema&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/susemanager-sls&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/uyuni-common-libs&distro=SUSE%20Manager%20Proxy%20Module%204.2pkg:rpm/suse/uyuni-common-libs&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/virtual-host-gatherer&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/woodstox&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/woodstox&distro=SUSE%20Manager%20Server%20Module%204.3
< 0+ 69 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 25.10.0.114319-r0
- (no CPE)range: < 25.1.0.102122-r0
- (no CPE)range: < 25.1.0.102122-r0
- (no CPE)range: < 25.1.0.102122-r0
- (no CPE)range: < 25.10.0.114319-r0
- (no CPE)range: < 25.10.0.114319-r0
- (no CPE)range: < 3.5.7-r2
- (no CPE)range: < 3.5.7-r2
- (no CPE)range: < 3.5.7-r2
- (no CPE)range: < 3.5.7-r2
- (no CPE)range: < 3.5.7-r2
- (no CPE)range: < 3.5.7-r2
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 25.10.0.114319-r0
- (no CPE)range: < 25.1.0.102122-r0
- (no CPE)range: < 25.1.0.102122-r0
- (no CPE)range: < 25.1.0.102122-r0
- (no CPE)range: < 25.10.0.114319-r0
- (no CPE)range: < 25.10.0.114319-r0
- (no CPE)range: < 3.5.7-r2
- (no CPE)range: < 3.5.7-r2
- (no CPE)range: < 3.5.7-r2
- (no CPE)range: < 3.5.7-r2
- (no CPE)range: < 3.5.7-r2
- (no CPE)range: < 3.5.7-r2
- (no CPE)range: >= 6.0.0, < 6.4.0
- (no CPE)range: < 3.1.2-150300.5.19.1
- (no CPE)range: < 7.17.0-150300.4.9.2
- (no CPE)range: < 0.8.1-150300.3.9.2
- (no CPE)range: < 0.2.7-150300.8.28.2
- (no CPE)range: < 4.2.9-150300.2.12.2
- (no CPE)range: < 4.2.9-150300.2.12.2
- (no CPE)range: < 0.7.0-150300.3.17.2
- (no CPE)range: < 3000.3-150300.7.7.29.2
- (no CPE)range: < 4.2.7-150300.4.12.2
- (no CPE)range: < 4.2.7-150300.4.12.2
- (no CPE)range: < 0.1.1676908681.e90e0b1-150300.3.15.1
- (no CPE)range: < 0.21.0-150300.3.12.4
- (no CPE)range: < 1.7.11-0.150300.3.12.2
- (no CPE)range: < 4.2.21-150300.4.33.2
- (no CPE)range: < 4.2.21-150300.4.33.2
- (no CPE)range: < 4.2.13-150300.3.18.1
- (no CPE)range: < 4.2.26-150300.4.35.6
- (no CPE)range: < 4.2.26-150300.4.35.6
- (no CPE)range: < 4.2.19-150300.3.27.4
- (no CPE)range: < 4.2.19-150300.3.27.4
- (no CPE)range: < 4.2.22-150300.4.30.2
- (no CPE)range: < 4.2.22-150300.4.30.2
- (no CPE)range: < 4.2.47-150300.3.58.1
- (no CPE)range: < 4.2.13-150300.3.24.2
- (no CPE)range: < 4.2.11-150300.3.14.2
- (no CPE)range: < 4.2.9-150300.3.15.2
- (no CPE)range: < 4.2.32-150300.3.36.4
- (no CPE)range: < 4.2.32-150300.3.36.4
- (no CPE)range: < 4.2.5-150300.3.9.2
- (no CPE)range: < 15.3.6-150300.3.6.2
- (no CPE)range: < 15.3.6-150300.3.6.2
- (no CPE)range: < 4.2.40-150300.3.49.1
- (no CPE)range: < 4.2-150300.12.39.4
- (no CPE)range: < 4.2-150300.12.39.2
- (no CPE)range: < 4.2.27-150300.3.35.1
- (no CPE)range: < 4.2.31-150300.3.43.1
- (no CPE)range: < 4.2.9-150300.3.14.1
- (no CPE)range: < 4.2.9-150300.3.14.1
- (no CPE)range: < 1.0.24-150300.3.9.2
- (no CPE)range: < 4.4.2-150300.3.6.2
- (no CPE)range: < 4.4.2-150400.3.6.1
- xstream/Woodstoxv5Range: unspecified
Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-3f7h-mf4q-vrm4ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-40152ghsaADVISORY
- bugs.chromium.org/p/oss-fuzz/issues/detailghsaWEB
- github.com/FasterXML/woodstox/issues/157ghsaWEB
- github.com/FasterXML/woodstox/issues/160ghsaWEB
- github.com/FasterXML/woodstox/pull/159ghsaWEB
- github.com/x-stream/xstream/issues/304ghsaWEB
News mentions
0No linked articles in our index yet.