CVE-2022-40152

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-40152
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-40152.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-40152
Aliases
Downstream
Related
Published
2022-09-16T10:15:09.877Z
Modified
2026-02-18T07:30:25.538137Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks (DOS) if DTD support is enabled. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.

References

Affected packages

Git / github.com/fasterxml/woodstox

Affected ranges

Type
GIT
Repo
https://github.com/fasterxml/woodstox
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
3d168dc71fe5c7e22ab3cf7d7bfd7ae87dafc9c7
Introduced
fcc0070486507981265d62bcfcd2ce318ac4e8e8
Fixed
e8f00401bebd103f62d51383ef53da2cd58bd89e

Affected versions

woodstox-core-6.*
woodstox-core-6.0.0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-40152.json"