FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-19 20:48:44 UTC

These are the vulnerabilities relating to the commit you have selected:

VuXML ID: 9d9e9439-959e-11ed-b464-b42e991fc52e
Description: security/keycloak -- Multiple possible DoS attacks

CIRCL reports:

  • CVE-2022-41966: XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service only via manipulation of the processed input stream.
  • CVE-2022-40151: If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.

Discovery: 2022-09-07
Entry: 2023-01-16
Affected package: keycloak < 20.0.3

CVE-2022-40151
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40151
CVE-2022-41966
https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-41966