Debian Security Advisory 5315-1
Debian Linux Security Advisory 5315-1 - XStream serializes Java objects to
XML and back again. Versions prior to 1.4.15-3+deb11u2 may allow a remote
attacker to terminate the application with a stack overflow error,
resulting in a denial of service, solely by manipulating the processed
input stream. The attack uses the hash code implementation for collections
and maps to force a recursive hash calculation, which causes the stack
overflow. This update handles the stack overflow and raises an
InputManipulationException instead.
https://packetstormsecurity.com/files/170495/dsa-5315-1.txt
Thu, 12 Jan 2023 15:15:19 GMT
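
The mechanism and the fix pattern described above, as an added example (not code from XStream or from the advisory): plain-JDK Java in which a deeply nested list makes hashCode() recurse once per nesting level, and a guard turns the resulting StackOverflowError into a controlled exception. The names RecursiveHashGuard, nestedList, guardedHash and ManipulatedInputException are hypothetical; the last is only a stand-in for XStream's InputManipulationException, and the default JVM thread stack size is assumed.

```java
import java.util.ArrayList;
import java.util.List;

public class RecursiveHashGuard {

    /** Hypothetical stand-in for XStream's InputManipulationException. */
    static class ManipulatedInputException extends RuntimeException {
        ManipulatedInputException(String message) {
            super(message);
        }
    }

    /** Constructed sample input: a list nested `depth` levels deep, built in a loop. */
    static List<Object> nestedList(int depth) {
        List<Object> current = new ArrayList<>();
        for (int i = 0; i < depth; i++) {
            List<Object> outer = new ArrayList<>();
            outer.add(current); // ArrayList.add does not hash the element
            current = outer;
        }
        return current;
    }

    /**
     * A collection's hashCode() calls hashCode() on each element, so every
     * nesting level costs stack frames. The guard reports the overflow as an
     * input error instead of letting the Error take the application down.
     */
    static int guardedHash(Object value) {
        try {
            return value.hashCode();
        } catch (StackOverflowError e) {
            // The stack has unwound to this frame, so allocating here is safe.
            throw new ManipulatedInputException("recursive hash calculation exhausted the stack");
        }
    }

    public static void main(String[] args) {
        System.out.println("depth 10: hash = " + guardedHash(nestedList(10)));
        try {
            int hash = guardedHash(nestedList(200_000));
            System.out.println("depth 200000: hash = " + hash + " (stack was large enough)");
        } catch (ManipulatedInputException e) {
            System.out.println("depth 200000: rejected (" + e.getMessage() + ")");
        }
    }
}
```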