VYPR

rpm package

suse/xstream&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP2

pkg:rpm/suse/xstream&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2

Vulnerabilities (3)

  • CVE-2024-47072 | High | Nov 8, 2024
    affected < 1.4.21-150200.3.28.1 | fixed 1.4.21-150200.3.28.1

    XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream when XStream is configu

  • CVE-2022-41966 | Dec 27, 2022
    affected < 1.4.20-150200.3.25.1 | fixed 1.4.20-150200.3.25.1

    XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service only via manipulation of the processed input stream. The attack uses the hash code i

  • CVE-2022-40151 | Sep 16, 2022
    affected < 1.4.20-150200.3.25.1 | fixed 1.4.20-150200.3.25.1

    Those using XStream to serialize XML data may be vulnerable to Denial of Service (DoS) attacks. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash with a stack overflow. This effect may support a denial of service attack.