CVE-2018-1000873

Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in Causes a denial-of-service (DoS). This attack appear to be exploitable via The victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. This vulnerability appears to have been fixed in 2.9.8.

Published: Dec 20, 2018
Updated: Nov 8, 2023
CVE: CVE-2018-1000873
GHSA: GHSA-h4x4-5qp2-wp46
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
fasterxml / jackson-modules-java8	-	2.9.8
oracle / database_server	12.1.0.2	12.1.0.2.x
oracle / database_server	12.2.0.1	12.2.0.1.x
oracle / database_server	18c	18c.x
oracle / database_server	19c	19c.x
oracle / clusterware	12.1.0.2.0	12.1.0.2.0.x
oracle / global_lifecycle_management_opatch	-	11.2.0.3.23
oracle / nosql_database	-	19.3.12
oracle / global_lifecycle_management_opatch	12.2.0.1.0	12.2.0.1.19
oracle / global_lifecycle_management_opatch	13.9.4.0.0	13.9.4.2.1
netapp / active_iq_unified_manager	7.3	7.3.x
netapp / active_iq_unified_manager	9.5	9.5.x
com.fasterxml.jackson.datatype / jackson-datatype-jsr310	-	2.9.8

Vulnerability Database

289,599

CVE-2018-1000873