
Bug 908515 (CVE-2023-35116)

Summary: dev-java/jackson-databind: denial of service via cyclic dependencies
Product: Gentoo Security
Reporter: John Helmert III <ajak>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED INVALID
Severity: minor
CC: java
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: https://github.com/FasterXML/jackson-databind/issues/3972
Whiteboard: B3 [upstream]
Package list:
Runtime testing required: ---

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-06-15 05:23:24 UTC
CVE-2023-35116:

An issue discovered in jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impacts via a crafted object that uses cyclic dependencies.

It appears this person (semi-?) automatedly reported many of these
issues at once in various things. jackson-databind is not sure it's a
real security bug, so I'll call it invalid.