VYPR

rpm package

suse/xstream&distro=SUSE Linux Enterprise Module for Development Tools 15 SP4

pkg:rpm/suse/xstream&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP4

Vulnerabilities (2)

  • CVE-2022-41966 (Dec 27, 2022)
    affected < 1.4.20-150200.3.25.1; fixed 1.4.20-150200.3.25.1

    XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service only via manipulation of the processed input stream. The attack uses the hash code i

  • CVE-2022-40151 (Sep 16, 2022)
    affected < 1.4.20-150200.3.25.1; fixed 1.4.20-150200.3.25.1

    Those using XStream to serialize XML data may be vulnerable to Denial of Service (DoS) attacks. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash with a stack overflow. This effect may support a denial of service attack.