CPE-80615BB7-E832-4A3F-A87E-E724C0B010E0 Detail

CPE Details

Xstream Project Xstream 1.4.18

Vendor

xstream_project

Product

xstream

Version

1.4.18

Created

2022-02-03
11h01 +00:00

Modified

2022-02-03
18h43 +00:00

Official links

CPE NVD

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Notifications manage

List of Notifications

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

CPE ID

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

CPE Name: cpe:2.3:a:xstream_project:xstream:1.4.18:::::::*

Informations

Vendor

xstream_project

Product

xstream

Version

1.4.18

Related CVE

Open and find in CVE List

CVE ID	Published	Description	Score	Severity
CVE-2022-41966	2022-12-27 23h07 +00:00	XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service only via manipulation the processed input stream. The attack uses the hash code implementation for collections and maps to force recursive hash calculation causing a stack overflow. This issue is patched in version 1.4.20 which handles the stack overflow and raises an InputManipulationException instead. A potential workaround for users who only use HashMap or HashSet and whose XML refers these only as default map or set, is to change the default implementation of java.util.Map and java.util per the code example in the referenced advisory. However, this implies that your application does not care about the implementation of the map and all elements are comparable.	8.2	High
CVE-2022-40152	2022-09-16 10h00 +00:00	Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks (DOS) if DTD support is enabled. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.	7.5	High
CVE-2022-40151	2022-09-16 10h00 +00:00	Those using Xstream to seralize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.	7.5	High
CVE-2021-43859	2022-02-01 11h08 +00:00	XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. XStream 1.4.19 monitors and accumulates the time it takes to add elements to collections and throws an exception if a set threshold is exceeded. Users are advised to upgrade as soon as possible. Users unable to upgrade may set the NO_REFERENCE mode to prevent recursion. See GHSA-rmr5-cpv2-vgjf for further details on a workaround if an upgrade is not possible.	7.5	High

Xstream Project Xstream 1.4.18

CPE Details

CPE Name: cpe:2.3:a:xstream_project:xstream:1.4.18:*:*:*:*:*:*:*

Informations

Vendor

Product

Version

Related CVE

CPE Name: cpe:2.3:a:xstream_project:xstream:1.4.18:::::::*