CVE-2022-40152
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-40152
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-40152.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-40152
- Aliases
- Related
- Published
- 2022-09-16T10:15:09Z
- Modified
- 2025-05-24T02:56:00.837289Z
- Downstream
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks (DOS) if DTD support is enabled. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.
- References
Affected packages
Debian:11 / libwoodstox-java
Package
- Name
- libwoodstox-java
- Purl
- pkg:deb/debian/libwoodstox-java?arch=source
Debian:12 / libwoodstox-java
Package
- Name
- libwoodstox-java
- Purl
- pkg:deb/debian/libwoodstox-java?arch=source
Debian:13 / libwoodstox-java
Package
- Name
- libwoodstox-java
- Purl
- pkg:deb/debian/libwoodstox-java?arch=source
Git / github.com/fasterxml/woodstox
Affected ranges
- Type
- GIT
- Repo
- https://github.com/fasterxml/woodstox
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Type
- GIT
- Repo
- https://github.com/x-stream/xstream
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
XSTREAM_1_4_10
XSTREAM_1_4_11
XSTREAM_1_4_11_1
XSTREAM_1_4_12
XSTREAM_1_4_13
XSTREAM_1_4_14
XSTREAM_1_4_15
XSTREAM_1_4_16
XSTREAM_1_4_17
XSTREAM_1_4_18
XSTREAM_1_4_19
XSTREAM_1_4_5
XSTREAM_1_4_9
woodstox-core-5.*
woodstox-core-5.0.0
woodstox-core-5.0.1
woodstox-core-5.0.2
woodstox-core-5.0.3
woodstox-core-5.1.0
woodstox-core-5.2.0
woodstox-core-5.2.1
woodstox-core-5.3.0