Description

Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks (DOS) if DTD support is enabled. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.

Remediation

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47434

https://github.com/x-stream/xstream/issues/304

Related Vulnerabilities

CVE-2022-36883 Vulnerability in maven package org.jenkins-ci.plugins:git

CVE-2023-26158 Vulnerability in npm package mockjs

CVE-2018-6464 Vulnerability in npm package simditor

CVE-2023-45820 Vulnerability in npm package directus

CVE-2022-25766 Vulnerability in npm package ungit

Severity

High

Classification

CWE-787 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Exploit Permissions Required Third Party Advisory Issue Tracking