MGASA-2017-0119

Source
https://advisories.mageia.org/MGASA-2017-0119.html
Import Source
https://advisories.mageia.org/MGASA-2017-0119.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2017-0119
Published
2017-04-30T23:33:52Z
Modified
2026-04-16T04:28:26.019408Z
Summary
Updated xstream packages fix security vulnerability
Details

A vulnerability was found in XStream. Parsing a maliciously crafted file could cause the application to crash. The processed stream at unmarshalling type contains type information to recreate the formerly written objects. XStream creates therefore new instances based on these type information. The crash occurrs if this information advices XStream to create an instance of the primitive type 'void'. This situation can only happen if an attacker was able to manipulate the incoming data, since such an instance does not exist (rhbz#1441538).

References
Credits

Affected packages

Mageia:5 / xstream

Package

Name
xstream
Purl
pkg:rpm/mageia/xstream?arch=source&distro=mageia-5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.4.9-1.1.mga5

Ecosystem specific

{
    "section": "core"
}

Database specific

source
"https://advisories.mageia.org/MGASA-2017-0119.json"