CVE-2022-40151

Published: Sep 16, 2022Modified: May 23, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Those using Xstream to seralize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.

Affected (1)

Products: Xstream: Xstream

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Xstream Xstream	Before 1.4.20

Related CWEs

Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (4)

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47367

Source: cve-coordination@google.com

ExploitPermissions RequiredThird Party Advisory

https://github.com/x-stream/xstream/issues/304

Source: cve-coordination@google.com

Issue TrackingThird Party Advisory

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47367

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPermissions RequiredThird Party Advisory

https://github.com/x-stream/xstream/issues/304

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

Timeline

No history available yet.