漏洞信息详情
XStream 安全漏洞
- CNNVD编号:CNNVD-202108-1900
- 危害等级: 中危
- CVE编号: CVE-2021-39140
- 漏洞类型: 其他
- 发布时间: 2021-08-23
- 威胁类型: 远程
- 更新时间: 2022-04-24
- 厂 商:
- 漏洞来源:
漏洞简介
XStream是XStream(Xstream)团队的一个轻量级的、简单易用的开源Java类库,它主要用于将对象序列化成XML(jsON)或反序列化为对象。
XStream 1.4.18之前版本存在安全漏洞,攻击者可利用该漏洞根据CPU类型或并行执行有效负载,在目标系统上分配100\\%的CPU时间,从而仅通过操纵已处理的输入流,导致拒绝服务
漏洞公告
目前厂商已发布升级补丁以修复漏洞,补丁获取链接:
https://x-stream.github.io/CVE-2021-39140.HTML
参考网址
来源:DEBIAN
链接:https://www.debian.org/security/2021/dsa-5004
来源:FEDORA
链接:https://lists.fedoraproject.org/archives/list/[email protected]/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/
来源:MISC
链接:https://www.oracle.com/security-alerts/cpujan2022.HTML
来源:MLIST
链接:https://lists.debian.org/debian-lts-announce/2021/09/msg00017.HTML
来源:MISC
链接:https://www.oracle.com/security-alerts/cpuapr2022.HTML
来源:FEDORA
链接:https://lists.fedoraproject.org/archives/list/[email protected]/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/
来源:FEDORA
链接:https://lists.fedoraproject.org/archives/list/[email protected]/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/
来源:CONFIRM
链接:https://github.com/x-stream/xstream/security/advisories/GHSA-6wf9-jmg9-vxcc
来源:MISC
链接:https://x-stream.github.io/CVE-2021-39140.HTML
来源:CONFIRM
链接:https://security.netapp.com/advisory/ntap-20210923-0003/
来源:www.cybersecurity-help.cz
链接:https://www.cybersecurity-help.cz/vdb/SB2022042257
来源:vigilance.fr
链接:https://vigilance.fr/vulnerability/XStream-multiple-vulnerabilities-36548
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.3547
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.3508
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.3837
来源:www.oracle.com
链接:https://www.oracle.com/security-alerts/cpuapr2022.HTML
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.3984
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.4105
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/164611/Red-Hat-Security-Advisory-2021-3956-01.HTML
来源:www.ibm.com
链接:https://www.ibm.com/support/pages/node/6525260
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/165980/Red-Hat-Security-Advisory-2022-0520-01.HTML
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/165732/Red-Hat-Security-Advisory-2022-0297-01.HTML
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.3251
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/165134/Red-Hat-Security-Advisory-2021-4918-03.HTML
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2022.0644
受影响实体
暂无
补丁
- XStream 安全漏洞的修复措施
![weinxin](http://zone.ci/zone_ci_images/zone.ci.png)
评论