This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception.
References
Link | Resource |
---|---|
https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONDATAFORMAT-1047329 | Patch Third Party Advisory |
https://github.com/FasterXML/jackson-dataformats-binary/commit/de072d314af8f5f269c8abec6930652af67bc8e6 | Patch Third Party Advisory |
https://github.com/FasterXML/jackson-dataformats-binary/issues/186 | Issue Tracking Patch Third Party Advisory |
https://www.oracle.com/security-alerts/cpujul2022.html | Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Information
Published : 2021-02-18 08:15
Updated : 2022-12-06 13:44
NVD link : CVE-2020-28491
Mitre link : CVE-2020-28491
JSON object : View
CWE
CWE-770
Allocation of Resources Without Limits or Throttling
Products Affected
fasterxml
- jackson-dataformats-binary
oracle
- weblogic_server
quarkus
- quarkus