CVE-2023-35116

MEDIUM Year: 2023
CVSS v3 Score
4.7
Medium
Weakness Type
CWE-770
View all →

Vulnerability Description

jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure and trying to serialize it cannot be achieved by an external attacker.

Related Vulnerabilities

CVE-2019-3882

MEDIUM
CVSS:4.7(Medium)

A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local at...

CWE-7702019

CVE-2022-29973

MEDIUM
CVSS:4.7(Medium)

relan exFAT 1.3.0 allows local users to obtain sensitive information (data from deleted files in the filesystem) in certain situations involving offsets beyond ValidDataLength.

CWE-7702022

CVE-2023-5573

MEDIUM
CVSS:4.7(Medium)

Allocation of Resources Without Limits or Throttling in GitHub repository vriteio/vrite prior to 0.3.0.

CWE-7702023

CVE-2024-0026

MEDIUM
CVSS:4.7(Medium)

In multiple functions of SnoozeHelper.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privile...

CWE-7702024

CVE-2021-22360

MEDIUM
CVSS:4.9(Medium)

There is a resource management error vulnerability in the verisions V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200 of USG9500. An authentication attacker needs to perform specific operations ...

CWE-7702021

CVE-2021-28700

MEDIUM
CVSS:4.9(Medium)

xen/arm: No memory limit for dom0less domUs The dom0less feature allows an administrator to create multiple unprivileged domains directly from Xen. Unfortunately, the memory limit from them is not set...

CWE-7702021