References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Change History

GitHub, Inc. AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

GitHub, Inc. CWE-121

GitHub, Inc. CWE-502

XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream when XStream is configured to use the BinaryStreamDriver. XStream 1.4.21 has been patched to detect the manipulation in the binary input stream causing the the stack overflow and raises an InputManipulationException instead. Users are advised 

GitHub, Inc. https://github.com/x-stream/xstream/commit/bb838ce2269cac47433e31c77b2b236466e9f266 [No types assigned]

GitHub, Inc. https://github.com/x-stream/xstream/security/advisories/GHSA-hfq9-hggm-c56q [No types assigned]

GitHub, Inc. https://x-stream.github.io/CVE-2024-47072.html [No types assigned]