Home > Vulnerability Database > CVE-2024-47072

Mend.io Vulnerability Database

CVE-2024-47072

Good to know:

Date: November 7, 2024

XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream when XStream is configured to use the BinaryStreamDriver. XStream 1.4.21 has been patched to detect the manipulation in the binary input stream causing the the stack overflow and raises an InputManipulationException instead. Users are advised to upgrade. Users unable to upgrade may catch the StackOverflowError in the client code calling XStream if XStream is configured to use the BinaryStreamDriver.

Language: Java

Severity Score

7.5

Related Resources (7)

Url: https://x-stream.github.io/CVE-2024-47072.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-47072

Url: https://github.com/x-stream/xstream/commit/bb838ce2269cac47433e31c77b2b236466e9f266

Url: https://github.com/x-stream/xstream/commit/fdd9f7d3de0d7ccf2f9979bcd09fbf3e6a0c881a

Url: https://github.com/x-stream/xstream/security/advisories/GHSA-hfq9-hggm-c56q

Url: https://github.com/x-stream/xstream

Url: https://www.mend.io/vulnerability-database/CVE-2024-47072

Severity Score

7.5

Weakness Type (CWE)

Deserialization of Untrusted Data

CWE-502

Stack-based Buffer Overflow

CWE-121

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-47072

Good to know:

Date: November 7, 2024

Language: Java

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?