XStream serializes Java objects to XML and back again. Versions prior to
1.4.15-3+deb11u2 may allow a remote attacker to terminate the application with
a stack overflow error, resulting in a denial of service only via manipulation
of the processed input stream. The attack uses the hash code implementation for
collections and maps to force recursive hash calculation causing a stack
overflow. This update handles the stack overflow and raises an
InputManipulationException instead.
More Stories
CVE-2016-15023
A vulnerability, which was classified as problematic, was found in SiteFusion Application Server up to 6.6.6. This affects an unknown...
USN-5836-1: Vim vulnerabilities
It was discovered that Vim was not properly performing memory management operations. An attacker could possibly use this issue to...
CVE-2020-20402
Westbrookadmin portfolioCMS v1.05 allows attackers to bypass password validation and access sensitive information via session fixation. Read More
pesign-116-1.fc37
FEDORA-2023-e77628f240 Packages in this update: pesign-116-1.fc37 Update description: New upstream release (116) Fix CVE-2022-3560 This is a privilege escalation in...
pesign-115-4.fc36
FEDORA-2023-5399953e3b Packages in this update: pesign-115-4.fc36 Update description: Fix CVE-2022-3560 This is a privilege escalation in the pesign-authorize script, which...
USN-5835-3: Nova vulnerability
Guillaume Espanel, Pierre Libeau, Arnaud Morin, and Damien Rannou discovered that Nova incorrectly handled VMDK image processing. An authenticated attacker...