Test ID: 1.3.6.1.4.1.25623.1.0.893207
Category: Debian Local Security Checks
Title: Debian: Security Advisory (DLA-3207-1)
Summary: The remote host is missing an update for the Debian 'jackson-databind' package(s) announced via the DLA-3207-1 advisory.
Description:
Summary:
The remote host is missing an update for the Debian 'jackson-databind' package(s) announced via the DLA-3207-1 advisory.

Vulnerability Insight:
Several flaws were discovered in jackson-databind, a fast and powerful JSON library for Java. Each of them lets an attacker who can supply a sufficiently deeply nested JSON document drive the deserializer into unbounded recursion, ending in a Java StackOverflowError (denial of service).

CVE-2020-36518

Java StackOverflowError (a "StackOverflow exception" in the CVE text) and denial of service via a large depth of nested objects; this path is reachable with default ObjectMapper settings.

CVE-2022-42003

In FasterXML jackson-databind, resource exhaustion can occur because of a missing check in the primitive value deserializers that would prevent deep wrapper-array nesting when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.

CVE-2022-42004

In FasterXML jackson-databind, resource exhaustion can occur because of a missing check in BeanDeserializerBase.deserializeFromArray that would prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization (in practice, the UNWRAP_SINGLE_VALUE_ARRAYS feature enabled while deserializing into a bean).
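The three conditions above share one mechanism: databind recurses once per nesting level, so a document with enough levels exhausts the calling thread's stack. The program below is an added example, not part of the advisory or of the Jackson project. It builds such documents, exercises each of the three paths so that an unpatched build shows a StackOverflowError while a patched build rejects the input with an ordinary exception, and demonstrates a mitigation that does not depend on the databind version: a non-recursive depth check using jackson-core's streaming parser before the document ever reaches ObjectMapper. The class names NestingDepthDemo and Bean, the helper names, the depth of 100,000 and the limit of 64 are this example's own choices, not values from the page.

```java
import com.fasterxml.jackson.core.JsonFactory;
import com.fasterxml.jackson.core.JsonParser;
import com.fasterxml.jackson.core.JsonToken;
import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper;

import java.io.IOException;
import java.util.Map;

/** Added example (not from DLA-3207-1 or the Jackson project). Compiles against
 *  jackson-databind 2.9.x, including Debian's 2.9.8-3+deb10u4, and later. */
public class NestingDepthDemo {

    /** Minimal bean target for the CVE-2022-42004 path (hypothetical type). */
    public static class Bean {
        public int a;
    }

    /** Wraps {@code core} in {@code depth} levels of {@code open}/{@code close}. */
    static String wrap(int depth, String open, String close, String core) {
        StringBuilder sb = new StringBuilder(depth * (open.length() + close.length()) + core.length());
        for (int i = 0; i < depth; i++) sb.append(open);
        sb.append(core);
        for (int i = 0; i < depth; i++) sb.append(close);
        return sb.toString();
    }

    /**
     * Streaming depth gate. jackson-core's token parser tracks nesting in a linked
     * read context rather than on the call stack, so it walks 100k levels without
     * overflowing; rejecting here keeps the recursive databind code out of reach.
     */
    static void rejectIfDeeperThan(String json, int maxDepth) throws IOException {
        try (JsonParser p = new JsonFactory().createParser(json)) {
            int depth = 0;
            JsonToken t;
            while ((t = p.nextToken()) != null) {
                if (t.isStructStart()) {
                    if (++depth > maxDepth) {
                        throw new IOException("JSON nesting depth exceeds " + maxDepth);
                    }
                } else if (t.isStructEnd()) {
                    depth--;
                }
            }
        }
    }

    interface Action {
        Object run() throws IOException;
    }

    /** Runs one deserialization and reports how the installed build handled it. */
    static String attempt(String label, Action action) {
        String outcome;
        try {
            action.run();
            outcome = "parsed without error";
        } catch (StackOverflowError e) {
            outcome = "StackOverflowError: unpatched build, denial of service";
        } catch (Exception e) {
            outcome = "rejected with " + e.getClass().getSimpleName() + ": " + e.getMessage();
        }
        System.out.println(label + " -> " + outcome);
        return outcome;
    }

    public static void main(String[] args) {
        final int depth = 100_000; // far beyond any legitimate document; a few hundred KB of input
        final String deepObjects = wrap(depth, "{\"a\":", "}", "1");       // {"a":{"a":...1...}}
        final String deepArraysInt = wrap(depth, "[", "]", "1");            // [[[...1...]]]
        final String deepArraysBean = wrap(depth, "[", "]", "{\"a\":1}");  // [[[...{"a":1}...]]]

        final ObjectMapper plain = new ObjectMapper();
        // UNWRAP_SINGLE_VALUE_ARRAYS (off by default) is the "customized choice"
        // that opens the CVE-2022-42003 and CVE-2022-42004 recursion paths.
        final ObjectMapper unwrapping = new ObjectMapper()
                .enable(DeserializationFeature.UNWRAP_SINGLE_VALUE_ARRAYS);

        // CVE-2020-36518: default settings, deeply nested objects into a Map.
        attempt("CVE-2020-36518 Map target", () -> plain.readValue(deepObjects, Map.class));

        // CVE-2022-42003: primitive target, wrapper arrays unwrapped recursively.
        attempt("CVE-2022-42003 int target", () -> unwrapping.readValue(deepArraysInt, int.class));

        // CVE-2022-42004: bean target via BeanDeserializerBase.deserializeFromArray.
        attempt("CVE-2022-42004 Bean target", () -> unwrapping.readValue(deepArraysBean, Bean.class));

        // Mitigation independent of the databind version: gate the input first.
        attempt("gated, max depth 64", () -> {
            rejectIfDeeperThan(deepObjects, 64);
            return plain.readValue(deepObjects, Map.class);
        });
    }
}
```

Run it with jackson-databind, jackson-core and jackson-annotations on the classpath; on a Debian 10 host that means the jars shipped by the system package (assumed here to be libjackson2-databind-java and its dependencies). A build that prints StackOverflowError on any of the first three lines has not received the fix. Two caveats a practitioner should keep in mind: the Debian update only replaces the system jars, so an application that bundles its own copy of jackson-databind inside a WAR or fat jar stays vulnerable until that copy is upgraded separately; and from Jackson 2.15 onward jackson-core enforces a configurable nesting limit of its own through StreamReadConstraints (default maxNestingDepth of 1000), which makes a hand-written gate like the one above unnecessary.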

For Debian 10 buster, these problems have been fixed in version 2.9.8-3+deb10u4.

We recommend that you upgrade your jackson-databind packages.

For the detailed security status of jackson-databind please refer to its security tracker page at: [link moved to references]

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: [link moved to references]

Affected Software/OS:
'jackson-databind' package(s) on Debian 10.

Solution:
Please install the updated package(s).

CVSS Score:
5.0 (CVSS v2 base score)

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P (CVSS v2: network, low complexity, no authentication; availability impact only)

Cross-Ref:
Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-36518
https://security.netapp.com/advisory/ntap-20220506-0004/
Debian Security Information: DSA-5283
https://www.debian.org/security/2022/dsa-5283
https://github.com/FasterXML/jackson-databind/issues/2816
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujul2022.html
https://lists.debian.org/debian-lts-announce/2022/05/msg00001.html
https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html
Common Vulnerabilities and Exposures (CVE) ID: CVE-2022-42003
https://security.gentoo.org/glsa/202210-21
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51020
https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33
https://github.com/FasterXML/jackson-databind/issues/3590
Common Vulnerabilities and Exposures (CVE) ID: CVE-2022-42004
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50490
https://github.com/FasterXML/jackson-databind/commit/063183589218fec19a9293ed2f17ec53ea80ba88
https://github.com/FasterXML/jackson-databind/issues/3582
Copyright: Copyright (C) 2022 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.