CVE-2024-47072

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-47072

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-47072.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-47072

Aliases

GHSA-hfq9-hggm-c56q

Related

Published

2024-11-08T00:15:14Z

Modified

2024-12-22T00:54:47.693529Z

Summary

[none]

Details

XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream when XStream is configured to use the BinaryStreamDriver. XStream 1.4.21 has been patched to detect the manipulation in the binary input stream causing the the stack overflow and raises an InputManipulationException instead. Users are advised to upgrade. Users unable to upgrade may catch the StackOverflowError in the client code calling XStream if XStream is configured to use the BinaryStreamDriver.

References

Affected packages

Debian:11 / libxstream-java

Package

Name: libxstream-java
Purl: pkg:deb/debian/libxstream-java?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.4.15-3+deb11u3

Affected versions

1.*

1.4.15-3

1.4.15-3+deb11u1

1.4.15-3+deb11u2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / libxstream-java

Package

Name: libxstream-java
Purl: pkg:deb/debian/libxstream-java?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.4.20-1

1.4.20-2

1.4.21-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / libxstream-java

Package

Name: libxstream-java
Purl: pkg:deb/debian/libxstream-java?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.4.21-1

Affected versions

1.*

1.4.20-1

1.4.20-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/x-stream/xstream

Affected ranges

Type: GIT
Repo: https://github.com/x-stream/xstream
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

bb838ce2269cac47433e31c77b2b236466e9f266

Affected versions

Other

XSTREAM_1_4_10

XSTREAM_1_4_11

XSTREAM_1_4_11_1

XSTREAM_1_4_12

XSTREAM_1_4_13

XSTREAM_1_4_14

XSTREAM_1_4_15

XSTREAM_1_4_16

XSTREAM_1_4_17

XSTREAM_1_4_18

XSTREAM_1_4_19

XSTREAM_1_4_20

XSTREAM_1_4_5

XSTREAM_1_4_9