Duplicate Advisory: Denial of Service due to parser crash
Low severity
GitHub Reviewed
Published
Sep 17, 2022
to the GitHub Advisory Database
•
Updated Mar 3, 2023
Withdrawn
This advisory was withdrawn on Mar 3, 2023
Description
Published by the National Vulnerability Database
Sep 16, 2022
Published to the GitHub Advisory Database
Sep 17, 2022
Reviewed
Sep 20, 2022
Withdrawn
Mar 3, 2023
Last updated
Mar 3, 2023
Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-f8cc-g7j8-xxpm. This link is maintained to preserve external references.
Original Description
Those using Xstream to seralize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.
References