
Test ID: 1.3.6.1.4.1.25623.1.1.10.2024.0069
Category: Mageia Linux Local Security Checks
Title: Mageia: Security Advisory (MGASA-2024-0069)
Summary: The remote host is missing an update for the 'jackson-databind' package(s) announced via the MGASA-2024-0069 advisory.
Description:
Summary:
The remote host is missing an update for the 'jackson-databind' package(s) announced via the MGASA-2024-0069 advisory.

Vulnerability Insight:
jackson-databind before 2.13.0 allows a Java StackOverflow exception and
denial of service via a large depth of nested objects. (CVE-2020-36518)
In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1,
resource exhaustion can occur because of a lack of a check in primitive
value deserializers to avoid deep wrapper array nesting, when the
UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. (CVE-2022-42003)
In FasterXML jackson-databind before 2.13.4, resource exhaustion can
occur because of a lack of a check in
BeanDeserializer._deserializeFromArray to prevent use of deeply nested
arrays. An application is vulnerable only with certain customized
choices for deserialization. (CVE-2022-42004)

Affected Software/OS:
'jackson-databind' package(s) on Mageia 9.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2020-36518
https://security.netapp.com/advisory/ntap-20220506-0004/
Debian Security Information: DSA-5283
https://www.debian.org/security/2022/dsa-5283
https://github.com/FasterXML/jackson-databind/issues/2816
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujul2022.html
https://lists.debian.org/debian-lts-announce/2022/05/msg00001.html
https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html
Common Vulnerability Exposure (CVE) ID: CVE-2022-42003
https://security.gentoo.org/glsa/202210-21
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51020
https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33
https://github.com/FasterXML/jackson-databind/issues/3590
Common Vulnerability Exposure (CVE) ID: CVE-2022-42004
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50490
https://github.com/FasterXML/jackson-databind/commit/063183589218fec19a9293ed2f17ec53ea80ba88
https://github.com/FasterXML/jackson-databind/issues/3582
Copyright: Copyright (C) 2024 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.