OSV-2024-24

See a problem?

Import Source

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/jackson-dataformats-binary/OSV-2024-24.yaml

JSON Data

https://api.osv.dev/v1/vulns/OSV-2024-24

Published

2024-01-20T00:04:01.700018Z

Modified

2024-03-13T14:21:08.789955Z

Summary

Security exception in java.base/java.util.Arrays.copyOf

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65740

Crash type: Security exception
Crash state:
java.base/java.util.Arrays.copyOf
com.fasterxml.jackson.core.util.TextBuffer.expandCurrentSegment
com.fasterxml.jackson.dataformat.cbor.CBORParser._finishShortText

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65740

Affected packages

OSS-Fuzz / jackson-dataformats-binary

Package

Name: jackson-dataformats-binary
Purl: pkg:generic/jackson-dataformats-binary

Affected ranges

Type: GIT
Repo: https://github.com/FasterXML/jackson-dataformats-binary
Events: Introduced

955e711ac433f529450048624ee5c30aeb47c258

Fixed

1f8c5193a651853be0334968bd7bd860398a7478

Ecosystem specific

{
    "severity": "LOW"
}

Database specific

fixed_range

"8d484d2573a6240596c9cc002648e27dce8287a4:1f8c5193a651853be0334968bd7bd860398a7478"

source

"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/jackson-dataformats-binary/OSV-2024-24.yaml"

introduced_range

"11e473ec679fbef8a2c10d47f6d3b19985bc9a52:0e2a81a78dbfa6583bee7520c2d441dbb38e2f5b"