CVE-2021-43859
Description
XStream is an open source Java library that serializes objects to XML and back again. In versions prior to 1.4.19, a remote attacker can, solely by manipulating the processed input stream, force the target to spend 100% CPU time (depending on CPU type, or on parallel execution of such payloads), resulting in a denial of service. XStream 1.4.19 monitors and accumulates the time spent adding elements to collections and throws an exception once a set threshold is exceeded. Users are advised to upgrade as soon as possible. Users unable to upgrade may set the NO_REFERENCES mode (XStream.NO_REFERENCES) to prevent the recursion; see GHSA-rmr5-cpv2-vgjf for further details on the workaround if an upgrade is not possible.
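The following is an added example of how a service that must unmarshal untrusted XML with XStream would apply the mitigations described above; it is not code from the XStream project or from the advisory. It assumes XStream 1.4.19 or later on the classpath, a hypothetical `Order` DTO, a constructed sample document, and that `setCollectionUpdateLimit(int)` is the 1.4.19 setter for the time budget mentioned above (verify that name against the release you deploy). The type allowlist is standard XStream hardening that the advisory does not discuss but that any practitioner would pair with it.

```java
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.XStreamException;
import com.thoughtworks.xstream.security.NoTypePermission;
import com.thoughtworks.xstream.security.NullPermission;
import com.thoughtworks.xstream.security.PrimitiveTypePermission;
import java.util.Collection;
import java.util.List;
import java.util.Map;

/** Added example (not XStream project code): an XStream instance hardened for untrusted input. */
public final class HardenedXStream {

    /** Hypothetical DTO that external callers may submit; assumed for this example. */
    public static final class Order {
        public String id;
        public List<String> items;
    }

    public static XStream build() {
        XStream xstream = new XStream();

        // 1. Type allowlist: deny every type, then re-admit only what this service needs.
        //    Limits the converters an attacker can reach, independent of this CVE.
        xstream.addPermission(NoTypePermission.NONE);
        xstream.addPermission(NullPermission.NULL);
        xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
        xstream.allowTypes(new Class[] { String.class, Order.class });
        xstream.allowTypeHierarchy(Collection.class);
        xstream.allowTypeHierarchy(Map.class);
        xstream.alias("order", Order.class);

        // 2. The advisory's workaround for deployments that cannot upgrade yet:
        //    NO_REFERENCES selects the tree marshalling strategy, which does not resolve
        //    reference="..." back-links, so the self-referencing collection graph the
        //    CPU-exhaustion payload relies on cannot be reconstructed from the input.
        xstream.setMode(XStream.NO_REFERENCES);

        // 3. On 1.4.19+ the library itself accumulates the time spent inserting into
        //    collections and aborts past a threshold (default XStream.COLLECTION_UPDATE_LIMIT,
        //    in seconds). Assumed setter name; a lower budget fails hostile input sooner.
        xstream.setCollectionUpdateLimit(5);

        return xstream;
    }

    /** Unmarshals one document, converting every XStream failure into a rejected request. */
    public static Order parse(XStream xstream, String xml) {
        try {
            return (Order) xstream.fromXML(xml);
        } catch (XStreamException e) {
            // A forbidden type, a malformed document and an exceeded collection time
            // budget all surface here. Reject the request; never retry with a laxer parser.
            throw new IllegalArgumentException("rejected untrusted XML: " + e.getMessage(), e);
        }
    }

    public static void main(String[] args) {
        XStream xstream = build();
        // Constructed sample input: a benign document the allowlist accepts.
        String benign = "<order><id>42</id><items><string>widget</string></items></order>";
        Order order = parse(xstream, benign);
        System.out.println("parsed order " + order.id + " with items " + order.items);

        // Constructed sample input: a type outside the allowlist is refused before
        // any converter runs, even though XStream normally knows how to build it.
        String forbidden = "<java.util.Locale><language>en</language></java.util.Locale>";
        try {
            parse(xstream, forbidden);
        } catch (IllegalArgumentException e) {
            System.out.println(e.getMessage());
        }
    }
}
```

Configure the instance once at startup and reuse it; the permissions, mode and update limit are properties of the `XStream` object, so a second `new XStream()` created elsewhere in the code base is unprotected. When the upgrade to 1.4.19 lands, keep the NO_REFERENCES setting if the service never needs object graphs with shared references, since the fixed library's time threshold is a backstop rather than a replacement for rejecting that input shape outright.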
Risk Information
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| CVE-2021-43859 is fixed in Thoughtworks-Xstream 1.4.19 | Windows |
| Oracle Financial Services Revenue Management and Billing 2.7 is affected by multiple vulnerabilities, including CVE-2021-43859 | Windows |
| Oracle Financial Services Revenue Management and Billing 2.8 is affected by multiple vulnerabilities, including CVE-2021-43859 | Windows |
| Oracle Financial Services Revenue Management and Billing 2.9 is affected by multiple vulnerabilities, including CVE-2021-43859 | Windows |
| Oracle Financial Services Revenue Management and Billing 3.0 is affected by CVE-2021-29425, CVE-2021-43859, CVE-2022-23437, CVE-2022-34169 and CVE-2022-40146 | Windows |
| Oracle Financial Services Revenue Management and Billing 3.1 is affected by CVE-2021-29425, CVE-2021-43859, CVE-2022-23437, CVE-2022-34169 and CVE-2022-40146 | Windows |
| Oracle Financial Services Revenue Management and Billing 3.2 is affected by CVE-2021-29425, CVE-2021-43859, CVE-2022-23437, CVE-2022-34169 and CVE-2022-40146 | Windows |
| Oracle Financial Services Revenue Management and Billing 4.0 is affected by CVE-2021-29425, CVE-2021-43859, CVE-2022-23437, CVE-2022-34169 and CVE-2022-40146 | Windows |
| Oracle Financial Services Revenue Management and Billing 2.7.1 is affected by multiple vulnerabilities, including CVE-2021-43859 | Windows |
| Oracle Financial Services Revenue Management and Billing 2.9.1 is affected by multiple vulnerabilities, including CVE-2021-43859 | Windows |
| IBM Sterling B2B Integrator 6.0.3.6 is affected by multiple vulnerabilities, including CVE-2021-43859 | Windows |
| IBM Sterling B2B Integrator 6.1.1.1 is affected by multiple vulnerabilities, including CVE-2021-43859 | Windows |
| IBM Sterling B2B Integrator 6.1.0.4 is affected by multiple vulnerabilities, including CVE-2021-43859 | Windows |
| CVE-2021-43859 is fixed in Thoughtworks-Xstream for Linux 1.4.19 | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2021-43859
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43859
https://github.com/advisories/GHSA-rmr5-cpv2-vgjf