security/keycloak -- Multiple possible DoS attacks
Details
| VuXML ID | 9d9e9439-959e-11ed-b464-b42e991fc52e | 
| Discovery | 2022-09-07 | 
| Entry | 2023-01-16 | 
CIRCL reports:

- CVE-2022-41966: XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service only via manipulation of the processed input stream.
- CVE-2022-40151: If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.
 
References
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.