CVE-2020-28491

EUVD-2021-2611
This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
snykCNA
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 59%
Affected Products (NVD)
VendorProductVersion
fasterxmljackson-dataformats-binary
𝑥
< 2.11.4
fasterxmljackson-dataformats-binary
2.12.0 <
𝑥
< 2.12.1
fasterxmljackson-dataformats-binary
2.12.0
fasterxmljackson-dataformats-binary
2.12.0:rc1
fasterxmljackson-dataformats-binary
2.12.0:rc2
quarkusquarkus
𝑥
< 2.0.2
oracleweblogic_server
12.2.1.3.0
oracleweblogic_server
12.2.1.4.0
oracleweblogic_server
14.1.1.0.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
jackson-dataformat-cbor
bookworm
no-dsa
bullseye
no-dsa
buster
no-dsa
sid
vulnerable
trixie
vulnerable
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
jackson-dataformat-cbor
bionic
needed
focal
needed
groovy
ignored
hirsute
ignored
impish
ignored
jammy
needed
kinetic
ignored
lunar
ignored
mantic
ignored
noble
needed
trusty
dne
xenial
needed
Common Weakness Enumeration
References
https://github.com/FasterXML/jackson-dataformats-binary/commit/de072d314af8f5f269c8abec6930652af67bc8e6
https://github.com/FasterXML/jackson-dataformats-binary/issues/186
https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONDATAFORMAT-1047329
https://www.oracle.com/security-alerts/cpujul2022.html
https://github.com/FasterXML/jackson-dataformats-binary/commit/de072d314af8f5f269c8abec6930652af67bc8e6
https://github.com/FasterXML/jackson-dataformats-binary/issues/186
https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONDATAFORMAT-1047329
https://www.oracle.com/security-alerts/cpujul2022.html