
Search CVE reports



1 – 6 of 6 results


CVE-2023-5072

Medium priority
Needs evaluation

Denial of Service in JSON-Java versions up to and including 20230618. A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.

3 affected packages

jenkins-json, libjettison-java, libjson-java

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| jenkins-json | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| libjettison-java | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| libjson-java | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2023-1436

Medium priority

Some fixes available 6 of 8

An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown.

1 affected package

libjettison-java

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| libjettison-java | Needs evaluation | Fixed | Fixed | Fixed | Fixed |

CVE-2022-45693

Medium priority

Some fixes available 5 of 7

Jettison before v1.5.2 was discovered to contain a stack overflow via the map parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.

1 affected package

libjettison-java

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| libjettison-java | Needs evaluation | Fixed | Fixed | Fixed | Fixed |

CVE-2022-45685

Medium priority

Some fixes available 5 of 7

A stack overflow in Jettison before v1.5.2 allows attackers to cause a Denial of Service (DoS) via crafted JSON data.

1 affected package

libjettison-java

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| libjettison-java | Needs evaluation | Fixed | Fixed | Fixed | Fixed |

CVE-2022-40150

Low priority

Some fixes available 5 of 7

Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by Out...

1 affected package

libjettison-java

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| libjettison-java | Needs evaluation | Fixed | Fixed | Fixed | Fixed |

CVE-2022-40149

Low priority

Some fixes available 5 of 7

Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by...

1 affected package

libjettison-java

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| libjettison-java | Needs evaluation | Fixed | Fixed | Fixed | Fixed |