Debian 10262 Published by

A libxstream-java security update has been released for Debian GNU/Linux 9 Extended LTS to address an issue where a remote attacker can terminate the application with a stack overflow error, resulting in a denial of service only via manipulation of the processed input stream.



ELA-771-1 libxstream-java security update

Package : libxstream-java
Version : 1.4.11.1-1+deb8u6 (jessie), 1.4.11.1-1+deb9u6 (stretch)

Related CVEs :
CVE-2022-41966

XStream serializes Java objects to XML and back again. Versions prior to this update may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service only via manipulation of the processed input stream. The attack uses the hash code implementation for collections and maps to force recursive hash calculation causing a stack overflow. This update handles the stack overflow and raises an InputManipulationException instead.

  ELA-771-1 libxstream-java security update