Sign In

CVE-2022-40149

ADVISORY - github

Summary

Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.

EPSS Score: 0.00521 (0.663)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-121

Stack-based Buffer Overflow

CWE-787

Out-of-bounds Write

ADVISORY - github

CWE-121

Stack-based Buffer Overflow

CWE-787

Out-of-bounds Write

ADVISORY - gitlab

CWE-1035

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-787

Out-of-bounds Write

CWE-937

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

ADVISORY - redhat

CWE-121

Stack-based Buffer Overflow

CWE-787

Out-of-bounds Write

Impacted images

Advisories

NIST

CREATED

UPDATED

ADVISORY IDCVE-2022-40149
EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-121CWE-787

CVSS SCORE

6.5medium

GitHub

CREATED

UPDATED

ADVISORY IDGHSA-56h3-78gp-v83r
EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-121CWE-787

CVSS SCORE

6.5medium

Debian

CREATED

UPDATED

ADVISORY IDCVE-2022-40149
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

UPDATED

ADVISORY IDCVE-2022-40149
EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

7.5low

GitLab

CREATED

UPDATED

ADVISORY ID

CVE-2022-40149

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-1035CWE-787CWE-937

CVSS SCORE

7.5high

Amazon

CREATED

UPDATED

ADVISORY IDALAS2-2023-2363
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Red Hat

CREATED

UPDATED

ADVISORY IDCVE-2022-40149
EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-121CWE-787

CVSS SCORE

7.5medium

Chainguard

CREATED

UPDATED

ADVISORY ID

CGA-h3v5-5856-885r

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY