CVE-2018-1000873
CVE-2018-1000873 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. FasterXML Jackson versions before 2.9.8 contain a CWE-20 (Improper Input Validation) vulnerability in Jackson-Modules-Java8 that can result in a denial of service (DoS). The attack appears to be exploitable when the victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. EPSS estimates a 4.76% chance of exploitation in the next 30 days.
Description
FasterXML Jackson versions before 2.9.8 contain a CWE-20 (Improper Input Validation) vulnerability in Jackson-Modules-Java8 that can result in a denial of service (DoS). The attack appears to be exploitable when the victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. This vulnerability appears to have been fixed in 2.9.8.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Fasterxml | Jackson-Modules-Java8 | < 2.9.8 |
| Oracle | Clusterware | 12.1.0.2.0 |
| Oracle | Database Server | 12.1.0.2 |
| Oracle | Database Server | 12.2.0.1 |
| Oracle | Database Server | 18c |
| Oracle | Database Server | 19c |
| Oracle | Global Lifecycle Management Opatch | < 11.2.0.3.23 |
| Oracle | Global Lifecycle Management Opatch | >= 12.2.0.1.0, < 12.2.0.1.19 |
| Oracle | Global Lifecycle Management Opatch | >= 13.9.4.0.0, < 13.9.4.2.1 |
| Oracle | Nosql Database | < 19.3.12 |
| Netapp | Active Iq Unified Manager | >= 7.3 |
| Netapp | Active Iq Unified Manager | >= 9.5 |
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1665601 (Issue Tracking, Third Party Advisory)
- https://github.com/FasterXML/jackson-modules-java8/issues/90 (Exploit, Patch, Third Party Advisory)
- https://github.com/FasterXML/jackson-modules-java8/pull/87 (Patch, Third Party Advisory)
- https://security.netapp.com/advisory/ntap-20200904-0004/ (Third Party Advisory)
- https://www.oracle.com/security-alerts/cpuapr2020.html (Third Party Advisory)
- https://www.oracle.com/security-alerts/cpuoct2020.html (Third Party Advisory)
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html (Third Party Advisory)
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html (Third Party Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
