2215214 – (CVE-2023-35116) CVE-2023-35116 jackson-databind: denial of service via cylic dependencies

Bug 2215214 (CVE-2023-35116) - CVE-2023-35116 jackson-databind: denial of service via cylic dependencies

Summary: CVE-2023-35116 jackson-databind: denial of service via cylic dependencies

Keywords:
Status:	NEW
Alias:	CVE-2023-35116
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Nobody
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2215216 2215217
Blocks:	2215215
TreeView+	depends on / blocked

Reported:	2023-06-15 06:05 UTC by Sandipan Roy
Modified:	2024-05-06 14:10 UTC (History)
CC List:	85 users (show)
Fixed In Version:	jackson-databind 2.15.2
Doc Type:	No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2023:5396	None	None	None	2023-09-28 11:55:44 UTC
Red Hat Product Errata	RHSA-2024:0719	None	None	None	2024-02-07 15:33:17 UTC
Red Hat Product Errata	RHSA-2024:0777	None	None	None	2024-02-12 10:25:29 UTC
Red Hat Product Errata	RHSA-2024:1027	None	None	None	2024-02-28 18:14:13 UTC
Red Hat Product Errata	RHSA-2024:2707	None	None	None	2024-05-06 14:10:22 UTC

Description Sandipan Roy 2023-06-15 06:05:28 UTC

An issue was discovered jackson-databind thru 2.15.2 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.

https://github.com/FasterXML/jackson-databind/issues/3972

Comment 11 errata-xmlrpc 2023-09-28 11:55:39 UTC

This issue has been addressed in the following products:

  Red Hat Data Grid 8.4.4

Via RHSA-2023:5396 https://access.redhat.com/errata/RHSA-2023:5396

Comment 13 errata-xmlrpc 2024-02-07 15:33:12 UTC

This issue has been addressed in the following products:

  Migration Toolkit for Runtimes 1 on RHEL 8

Via RHSA-2024:0719 https://access.redhat.com/errata/RHSA-2024:0719

Comment 14 errata-xmlrpc 2024-02-12 10:25:25 UTC

This issue has been addressed in the following products:

  OpenShift Developer Tools and Services for OCP 4.14

Via RHSA-2024:0777 https://access.redhat.com/errata/RHSA-2024:0777

Comment 15 errata-xmlrpc 2024-02-28 18:14:07 UTC

This issue has been addressed in the following products:

  MTA-6.2-RHEL-9
  MTA-6.2-RHEL-8

Via RHSA-2024:1027 https://access.redhat.com/errata/RHSA-2024:1027

Comment 16 errata-xmlrpc 2024-05-06 14:10:17 UTC

This issue has been addressed in the following products:

  Red Hat build of Apache Camel 4.4.0 for Spring Boot

Via RHSA-2024:2707 https://access.redhat.com/errata/RHSA-2024:2707

Note You need to log in before you can comment on or make changes to this bug.

aazores
abenaiss
adupliak
aileenc
alampare
alazarot
anstephe
asoldano
ataylor
avibelli
bbaranow
bgeorges
bmaxwell
boliveir
brian.stansberry
cdewolf
chazlett
darran.lofthouse
dfreiber
dhanak
dkreling
dosoudil
drichtar
eaguilar
ebaron
ellin
emingora
eric.wittmann
fjuma
fmongiar
gjospin
gmalinko
gzaronik
ibek
ivassile
iweiss
janstey
jburrell
jcantril
jkang
jnethert
jpallich
jpechane
jpoth
jrokos
jross
jscholz
kverlaen
lbacciot
lgao
lthon
mnovotny
mosmerov
msochure
mstefank
msvehla
nwallace
pantinor
pdelbell
pdrozd
peholase
periklis
pgallagh
pjindal
pmackay
pskopek
rguimara
rhcs-maint
rjohnson
rkieley
rogbas
rowaters
rruss
rstancel
saroy
scorneli
sfroberg
shbose
smaestri
sthorger
swoodman
tcunning
tom.jenkinson
vkumar
yfang