Vulnerabilities > CVE-2020-36518 - Out-of-bounds Write vulnerability in multiple products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

NVD

Published: 2022-03-11

Updated: 2022-11-29

Summary

jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.

Vulnerable Configurations

Part	Description	Count
Application	Fasterxml Fasterxml Jackson Databind 2.0.0 Fasterxml Jackson Databind 2.0.1 Fasterxml Jackson Databind 2.0.2 Fasterxml Jackson Databind 2.0.4 Fasterxml Jackson Databind 2.0.5 Fasterxml Jackson Databind 2.0.6 Fasterxml Jackson Databind 2.1.0 Fasterxml Jackson Databind 2.1.1 Fasterxml Jackson Databind 2.1.2 Fasterxml Jackson Databind 2.1.3 Fasterxml Jackson Databind 2.1.4 Fasterxml Jackson Databind 2.1.5 Fasterxml Jackson Databind 2.2.0 Fasterxml Jackson Databind 2.2.1 Fasterxml Jackson Databind 2.2.2 Fasterxml Jackson Databind 2.2.3 Fasterxml Jackson Databind 2.2.4 Fasterxml Jackson Databind 2.3.0 Fasterxml Jackson Databind 2.3.1 Fasterxml Jackson Databind 2.3.2 Fasterxml Jackson Databind 2.3.3 Fasterxml Jackson Databind 2.3.4 Fasterxml Jackson Databind 2.3.5 Fasterxml Jackson Databind 2.4.0 Fasterxml Jackson Databind 2.4.1 Fasterxml Jackson Databind 2.4.1.1 Fasterxml Jackson Databind 2.4.1.2 Fasterxml Jackson Databind 2.4.1.3 Fasterxml Jackson Databind 2.4.2 Fasterxml Jackson Databind 2.4.3 Fasterxml Jackson Databind 2.4.4 Fasterxml Jackson Databind 2.4.5 Fasterxml Jackson Databind 2.4.5.1 Fasterxml Jackson Databind 2.4.6 Fasterxml Jackson Databind 2.4.6.1 Fasterxml Jackson Databind 2.5.0 Fasterxml Jackson Databind 2.5.1 Fasterxml Jackson Databind 2.5.2 Fasterxml Jackson Databind 2.5.3 Fasterxml Jackson Databind 2.5.4 Fasterxml Jackson Databind 2.5.5 Fasterxml Jackson Databind 2.6.0 Fasterxml Jackson Databind 2.6.1 Fasterxml Jackson Databind 2.6.2 Fasterxml Jackson Databind 2.6.3 Fasterxml Jackson Databind 2.6.4 Fasterxml Jackson Databind 2.6.5 Fasterxml Jackson Databind 2.6.6 Fasterxml Jackson Databind 2.6.7 Fasterxml Jackson Databind 2.6.7.1 Fasterxml Jackson Databind 2.6.7.2 Fasterxml Jackson Databind 2.6.7.3 Fasterxml Jackson Databind 2.6.7.4 Fasterxml Jackson Databind 2.6.7.5 Fasterxml Jackson Databind 2.7.0 Fasterxml Jackson Databind 2.7.1 Fasterxml Jackson Databind 2.7.1-1 Fasterxml Jackson Databind 2.7.2 Fasterxml Jackson Databind 2.7.3 Fasterxml Jackson Databind 2.7.4 Fasterxml Jackson Databind 2.7.5 Fasterxml Jackson Databind 2.7.6 Fasterxml Jackson Databind 2.7.7 Fasterxml Jackson Databind 2.7.8 Fasterxml Jackson Databind 2.7.9 Fasterxml Jackson Databind 2.7.9.1 Fasterxml Jackson Databind 2.7.9.2 Fasterxml Jackson Databind 2.7.9.3 Fasterxml Jackson Databind 2.7.9.4 Fasterxml Jackson Databind 2.7.9.5 Fasterxml Jackson Databind 2.7.9.6 Fasterxml Jackson Databind 2.7.9.7 Fasterxml Jackson Databind 2.8.0 Fasterxml Jackson Databind 2.8.1 Fasterxml Jackson Databind 2.8.2 Fasterxml Jackson Databind 2.8.3 Fasterxml Jackson Databind 2.8.4 Fasterxml Jackson Databind 2.8.5 Fasterxml Jackson Databind 2.8.6 Fasterxml Jackson Databind 2.8.7 Fasterxml Jackson Databind 2.8.8 Fasterxml Jackson Databind 2.8.8.1 Fasterxml Jackson Databind 2.8.9 Fasterxml Jackson Databind 2.8.10 Fasterxml Jackson Databind 2.8.11 Fasterxml Jackson Databind 2.8.11.1 Fasterxml Jackson Databind 2.8.11.2 Fasterxml Jackson Databind 2.8.11.3 Fasterxml Jackson Databind 2.8.11.4 Fasterxml Jackson Databind 2.8.11.5 Fasterxml Jackson Databind 2.8.11.6 Fasterxml Jackson Databind 2.9.0 Fasterxml Jackson Databind 2.9.1 Fasterxml Jackson Databind 2.9.2 Fasterxml Jackson Databind 2.9.3 Fasterxml Jackson Databind 2.9.4 Fasterxml Jackson Databind 2.9.5 Fasterxml Jackson Databind 2.9.6 Fasterxml Jackson Databind 2.9.7 Fasterxml Jackson Databind 2.9.8 Fasterxml Jackson Databind 2.9.9 Fasterxml Jackson Databind 2.9.9.1 Fasterxml Jackson Databind 2.9.9.2 Fasterxml Jackson Databind 2.9.9.3 Fasterxml Jackson Databind 2.9.9.4 Fasterxml Jackson Databind 2.9.10 Fasterxml Jackson Databind 2.9.10.1 Fasterxml Jackson Databind 2.9.10.2 Fasterxml Jackson Databind 2.9.10.3 Fasterxml Jackson Databind 2.9.10.4 Fasterxml Jackson Databind 2.9.10.5 Fasterxml Jackson Databind 2.9.10.6 Fasterxml Jackson Databind 2.9.10.7 Fasterxml Jackson Databind 2.9.10.8 Fasterxml Jackson Databind 2.10.0 Fasterxml Jackson Databind 2.10.1 Fasterxml Jackson Databind 2.10.2 Fasterxml Jackson Databind 2.10.3 Fasterxml Jackson Databind 2.10.4 Fasterxml Jackson Databind 2.10.5 Fasterxml Jackson Databind 2.10.5.1 Fasterxml Jackson Databind 2.11.0 Fasterxml Jackson Databind 2.11.1 Fasterxml Jackson Databind 2.11.2 Fasterxml Jackson Databind 2.11.3 Fasterxml Jackson Databind 2.11.4 Fasterxml Jackson Databind 2.12.0 Fasterxml Jackson Databind 2.12.1 Fasterxml Jackson Databind 2.12.2 Fasterxml Jackson Databind 2.12.3 Fasterxml Jackson Databind 2.12.4 Fasterxml Jackson Databind 2.12.5 Fasterxml Jackson Databind 2.12.6 Fasterxml Jackson Databind 2.13.0 Fasterxml Jackson Databind 2.13.1 Fasterxml Jackson Databind 2.13.2	176
Application	Oracle Oracle Weblogic Server 12.2.1.3.0 Oracle Weblogic Server 12.2.1.4.0 Oracle Weblogic Server 14.1.1.0.0 Oracle Commerce Platform 11.3.1 Oracle Commerce Platform 11.3.0 Oracle Commerce Platform 11.3.2 Oracle Utilities Framework 4.3.0.5.0 Oracle Utilities Framework 4.3.0.6.0 Oracle Utilities Framework 4.4.0.0.0 Oracle Utilities Framework 4.4.0.2.0 Oracle Utilities Framework 4.4.0.3.0 Oracle Utilities Framework 4.4.0.5.0 Oracle Peoplesoft Enterprise Peopletools 8.58 Oracle Peoplesoft Enterprise Peopletools 8.59 Oracle Primavera Unifier 19.12 Oracle Primavera Unifier 20.12 Oracle Primavera Unifier 21.12 Oracle Primavera Unifier 18.0 Oracle Primavera Unifier 17.0 Oracle Primavera Unifier 17.1 Oracle Primavera Unifier 17.2 Oracle Primavera Unifier 17.3 Oracle Primavera Unifier 17.4 Oracle Primavera Unifier 17.5 Oracle Primavera Unifier 17.6 Oracle Primavera Unifier 17.7 Oracle Primavera Unifier 17.8 Oracle Primavera Unifier 17.9 Oracle Primavera Unifier 17.10 Oracle Primavera Unifier 17.11 Oracle Primavera Unifier 17.12 Oracle SD WAN Edge 9.0 Oracle SD WAN Edge 9.1 Oracle Coherence 14.1.1.0.0 Oracle Global Lifecycle Management Nextgen OUI Framework 13.9.4.2.2 Oracle Global Lifecycle Management Nextgen OUI Framework - Oracle Global Lifecycle Management Nextgen OUI Framework 12.2.1.3.0 Oracle Global Lifecycle Management Nextgen OUI Framework 12.2.1.4.0 Oracle Primavera Gateway 17.12.0 Oracle Primavera Gateway 17.12.6 Oracle Primavera Gateway 17.12.7 Oracle Primavera Gateway 17.12.8 Oracle Primavera Gateway 17.12.9 Oracle Primavera Gateway 17.12.10 Oracle Primavera Gateway 17.12.11 Oracle Primavera Gateway 20.12.0 Oracle Primavera Gateway 20.12.7 Oracle Primavera Gateway 20.12.8 Oracle Primavera Gateway 20.12.10 Oracle Primavera Gateway 19.12.0 Oracle Primavera Gateway 19.12.4 Oracle Primavera Gateway 19.12.10 Oracle Primavera Gateway 19.12.11 Oracle Primavera Gateway 19.12.12 Oracle Primavera Gateway 21.12.0 Oracle Primavera Gateway 18.8.0 Oracle Primavera Gateway 18.8.8 Oracle Primavera Gateway 18.8.8.1 Oracle Primavera Gateway 18.8.9 Oracle Primavera Gateway 18.8.11 Oracle Primavera Gateway 18.8.12 Oracle Primavera Gateway 18.8.13 Oracle Financial Services Trade Based Anti Money Laundering 8.0.7 Oracle Financial Services Trade Based Anti Money Laundering 8.0.8 Oracle Financial Services Behavior Detection Platform 8.0.8 Oracle Financial Services Behavior Detection Platform 8.0.7.0.0 Oracle Financial Services Behavior Detection Platform 8.1.1.0 Oracle Financial Services Behavior Detection Platform 8.1.1.1 Oracle Financial Services Behavior Detection Platform 8.1.2.0 Oracle BIG Data Spatial AND Graph - Oracle BIG Data Spatial AND Graph 2.0 Oracle Financial Services Enterprise Case Management 8.0.8.1 Oracle Financial Services Enterprise Case Management 8.0.7.1 Oracle Financial Services Enterprise Case Management 8.0.8.0 Oracle Financial Services Enterprise Case Management 8.0.7.2 Oracle Financial Services Enterprise Case Management 8.1.1.0 Oracle Financial Services Enterprise Case Management 8.1.1.1 Oracle Financial Services Enterprise Case Management 8.1.2.0 Oracle Communications Cloud Native Core Console 1.9.0 Oracle Communications Cloud Native Core Network Slice Selection Function 22.1.0 Oracle Communications Cloud Native Core Network Slice Selection Function 22.1.1 Oracle Financial Services Analytical Applications Infrastructure 8.1.2.0 Oracle Financial Services Analytical Applications Infrastructure 8.1.1.0 Oracle Financial Services Analytical Applications Infrastructure 8.1.2.1 Oracle Financial Services Analytical Applications Infrastructure 8.0.7 Oracle Financial Services Analytical Applications Infrastructure 8.0.7.0.0 Oracle Financial Services Analytical Applications Infrastructure 8.0.7.1.0 Oracle Financial Services Analytical Applications Infrastructure 8.0.7.2.0 Oracle Financial Services Analytical Applications Infrastructure 8.0.8 Oracle Financial Services Analytical Applications Infrastructure 8.0.8.0.0 Oracle Financial Services Analytical Applications Infrastructure 8.0.9 Oracle Financial Services Analytical Applications Infrastructure 8.0.9.0.0 Oracle Financial Services Analytical Applications Infrastructure 8.1.0 Oracle Communications Billing AND Revenue Management 12.0.0.4.0 Oracle Communications Billing AND Revenue Management 12.0.0.5 Oracle Communications Billing AND Revenue Management 12.0.0.6.0 Oracle Communications Cloud Native Core Binding Support Function 22.1.3 Oracle Financial Services Crime AND Compliance Management Studio 8.0.8.2.0 Oracle Financial Services Crime AND Compliance Management Studio 8.0.8.3.0 Oracle Communications Cloud Native Core Network Repository Function 22.2.0 Oracle Communications Cloud Native Core Network Repository Function 22.1.2 Oracle Communications Cloud Native Core Security Edge Protection Proxy 22.1.1 Oracle Communications Cloud Native Core Unified Data Repository 22.2.0 Oracle Retail Sales Audit 15.0.3.1 Oracle Health Sciences Empirica Signal 9.1.0.5.2 Oracle Spatial Studio - Oracle Spatial Studio 19.1.0 Oracle Primavera P6 Enterprise Project Portfolio Management 18.8.0.0 Oracle Primavera P6 Enterprise Project Portfolio Management 18.8.11 Oracle Primavera P6 Enterprise Project Portfolio Management 18.8.15.0 Oracle Primavera P6 Enterprise Project Portfolio Management 18.8.16.0 Oracle Primavera P6 Enterprise Project Portfolio Management 18.8.18.0 Oracle Primavera P6 Enterprise Project Portfolio Management 18.8.18.2 Oracle Primavera P6 Enterprise Project Portfolio Management 18.8.19.0 Oracle Primavera P6 Enterprise Project Portfolio Management 18.8.21 Oracle Primavera P6 Enterprise Project Portfolio Management 18.8.23 Oracle Primavera P6 Enterprise Project Portfolio Management 19.12.0 Oracle Primavera P6 Enterprise Project Portfolio Management 19.12.0.0 Oracle Primavera P6 Enterprise Project Portfolio Management 19.12.1.0 Oracle Primavera P6 Enterprise Project Portfolio Management 19.12.2.0 Oracle Primavera P6 Enterprise Project Portfolio Management 19.12.3.0 Oracle Primavera P6 Enterprise Project Portfolio Management 19.12.4.0 Oracle Primavera P6 Enterprise Project Portfolio Management 19.12.5.0 Oracle Primavera P6 Enterprise Project Portfolio Management 19.12.6.0 Oracle Primavera P6 Enterprise Project Portfolio Management 19.12.10 Oracle Primavera P6 Enterprise Project Portfolio Management 19.12.14 Oracle Primavera P6 Enterprise Project Portfolio Management 19.12.18.0 Oracle Primavera P6 Enterprise Project Portfolio Management 20.12.0.0 Oracle Primavera P6 Enterprise Project Portfolio Management 20.12.3 Oracle Primavera P6 Enterprise Project Portfolio Management 20.12.12.0 Oracle Primavera P6 Enterprise Project Portfolio Management 21.12.0.0 Oracle Primavera P6 Enterprise Project Portfolio Management 17.12.0.0 Oracle Primavera P6 Enterprise Project Portfolio Management 17.12.1 Oracle Primavera P6 Enterprise Project Portfolio Management 17.12.4 Oracle Primavera P6 Enterprise Project Portfolio Management 17.12.12 Oracle Primavera P6 Enterprise Project Portfolio Management 17.12.14 Oracle Primavera P6 Enterprise Project Portfolio Management 17.12.15.0 Oracle Primavera P6 Enterprise Project Portfolio Management 17.12.17.0 Oracle Primavera P6 Enterprise Project Portfolio Management 17.12.17.1 Oracle Primavera P6 Enterprise Project Portfolio Management 17.12.19 Oracle Primavera P6 Enterprise Project Portfolio Management 17.12.20 Oracle Communications Cloud Native Core Service Communication Proxy 22.2.0 Oracle Global Lifecycle Management Opatch 11.2.0.3.23 Oracle Global Lifecycle Management Opatch 12.2.0.1.0 Oracle Global Lifecycle Management Opatch 12.2.0.1.19 Oracle Global Lifecycle Management Opatch 12.2.0.1.20 Oracle Global Lifecycle Management Opatch 12.2.0.1.22 Oracle Graph Server AND Client - Oracle Graph Server AND Client 21.3.0	149
Application	Netapp Netapp Snap Creator Framework - Netapp Oncommand Workflow Automation - Netapp Oncommand Insight - Netapp Active IQ Unified Manager - Netapp Cloud Insights Acquisition Unit -	7
OS	Debian Debian Debian Linux 9.0 Debian Debian Linux 10.0 Debian Debian Linux 11.0	3

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References