[MAVEN:GHSA-3F7H-MF4Q-VRM4] Denial of Service due to parser crash

Severity Moderate
Affected Packages 2
Fixed Packages 2
CVEs 1

Those using FasterXML/woodstox to serialize XML data may be vulnerable to Denial of Service (DoS) attacks. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash with a stack overflow. This effect may support a denial of service attack.

This vulnerability is only relevant for users making use of the DTD parsing functionality.

ID MAVEN:GHSA-3F7H-MF4Q-VRM4
Severity moderate
URL https://github.com/advisories/GHSA-3f7h-mf4q-vrm4
Published 2022-09-17T00:00:41 (2 years ago)
Modified 2023-07-05T22:37:41 (14 months ago)
Rights Maven Security Team
Other Advisories
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix
Affected | pkg:maven/com.fasterxml.woodstox/woodstox-core | com.fasterxml.woodstox | woodstox-core | < 5.4.0 | | |
Fixed | pkg:maven/com.fasterxml.woodstox/woodstox-core | com.fasterxml.woodstox | woodstox-core | = 5.4.0 | | |
Affected | pkg:maven/com.fasterxml.woodstox/woodstox-core | com.fasterxml.woodstox | woodstox-core | >= 6.0.0 < 6.4.0 | | |
Fixed | pkg:maven/com.fasterxml.woodstox/woodstox-core | com.fasterxml.woodstox | woodstox-core | = 6.4.0 | | |