CVE-2022-25647
Description
The package com.google.code.gson:gson before 2.8.9 is vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
2.079
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple vulnerabilities are affected in Oracle WebLogic Server 12.2.1.4.0 | Windows |
| Multiple vulnerabilities are affected in Oracle WebLogic Server 14.1.1.0.0 | Windows |
| Vulnerabilities CVE-2022-25647 are fixed in Google-gson 2.8.9 | Windows |
| Multiple Vulnerabilities are affected in Netapp Active Iq Unified Manager 2.3 | Windows |
| Multiple vulnerabilities are affected in Oracle PeopleSoft Enterprise PeopleTools 8.58 | Windows |
| Multiple vulnerabilities are affected in Oracle PeopleSoft Enterprise PeopleTools 8.59 | Windows |
| Multiple vulnerabilities are affected in Oracle PeopleSoft Enterprise PeopleTools 8.60 | Windows |
| Vulnerabilities CVE-2022-21540,CVE-2022-21541,CVE-2022-25647,CVE-2022-34169 are affected in Oracle GraalVM Enterprise Edition 20.3.6 | Windows |
| Vulnerabilities CVE-2022-21540,CVE-2022-21541,CVE-2022-21549,CVE-2022-25647,CVE-2022-34169 are affected in Oracle GraalVM Enterprise Edition 21.3.2 | Windows |
| Vulnerabilities CVE-2022-21540,CVE-2022-21541,CVE-2022-21549,CVE-2022-25647,CVE-2022-34169 are affected in Oracle GraalVM Enterprise Edition 22.1.0 | Windows |
| Multiple vulnerabilities are affected in Oracle BI Publisher 12.2.1.3.0 | Windows |
| Multiple vulnerabilities are affected in Oracle BI Publisher 12.2.1.4.0 | Windows |
| Vulnerabilities CVE-2021-40690,CVE-2022-21590,CVE-2022-25647 are affected in Oracle BI Publisher 5.9.0.0 | Windows |
| Multiple vulnerabilities are affected in Oracle BI Publisher 6.4.0.0.0 | Windows |
| Multiple Vulnerabilities are affected in IBM Security Guardium 11.4 | Windows |
| Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.0.3.6 | Windows |
| Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.1.0.5 | Windows |
| Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.1.1.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.2 | Windows |
| libgoogle-gson-java security update(DSA-5227-1) libgoogle-gson-java_2.8.6-1+deb11u1_all.deb | Linux |
| SUSE-SU-2022:2044-1(SUSE Linux Enterprise Module for Development Tools 15-SP3 ) google-gson-2.8.9-150200.3.6.3.noarch_15_SP3.rpm | Linux |
| A Java serialization/deserialization library to convert (USN-6692-1) libgoogle-gson-java_2.8.5-3+deb10u1build0.20.04.1_all.deb | Linux |
| A Java serialization/deserialization library to convert (USN-6692-1) libgoogle-gson-java_2.8.8-1ubuntu0.1_all.deb | Linux |
| Vulnerabilities CVE-2022-25647 are fixed in Google-gson for Linux 2.8.9 | Linux |
| Deserialization of Untrusted Data Vulnerability (CVE-2022-25647) | NCM |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234