OSV-2023-1300

See a problem?

Import Source

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/jackson-dataformats-text/OSV-2023-1300.yaml

JSON Data

https://api.osv.dev/v1/vulns/OSV-2023-1300

Published

2023-12-14T00:13:10.208981Z

Modified

2023-12-14T00:13:10.209415Z

Summary

Security exception in com.fasterxml.jackson.core.JsonParser.currentName

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65024

Crash type: Security exception
Crash state:
com.fasterxml.jackson.core.JsonParser.currentName
com.fasterxml.jackson.dataformat.yaml.YAMLParser.currentName
com.fasterxml.jackson.dataformat.yaml.YAMLParser.getCurrentName

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65024

Affected packages

OSS-Fuzz / jackson-dataformats-text

Package

Name: jackson-dataformats-text
Purl: pkg:generic/jackson-dataformats-text

Affected ranges

Type: GIT
Repo: https://github.com/FasterXML/jackson-dataformats-text.git
Events: Introduced

6b3977368d0795664e204ed59b09f48ddca6934d

Fixed

5aabe075fb0fb87c8f48c676e3fe8e84fa683262

Fixed

8c7c55f0bef45b0381563bcf9ddb73f24902106d

Ecosystem specific

{
    "severity": "LOW"
}

Database specific

{
    "fixed_range": "6d7a885d70d553fa117f850d6751069b162d23ec:8c7c55f0bef45b0381563bcf9ddb73f24902106d"
}