CVE-2022-40156: Buffer Overflow

Reference Links

• https://exchange.xforce.ibmcloud.com/vulnerabilities/236359
• https://www.ibm.com/support/pages/node/6846257 (Advisory)
• https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50841
• https://github.com/x-stream/xstream/issues/304
• https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2134297
• https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2134298
• https://access.redhat.com/security/cve/cve-2022-40156
• https://access.redhat.com/errata/RHSA-2023:0469
• https://access.redhat.com/errata/RHSA-2023:2100
• https://access.redhat.com/errata/RHSA-2023:3641
• https://bugzilla.redhat.com/show_bug.cgi?id=2134288
• https://www.cve.org/CVERecord?id=CVE-2022-40156 https://nvd.nist.gov/vuln/detail/CVE-2022-40156

Parent vulnerabilities

(Appears in the following advisories)

• RHSA-2023:0469
• RHSA-2023:3641
• RHSA-2023:2100
• IBM-6846257

Frequently Asked Questions

• What is CVE-2022-40156?

  CVE-2022-40156 is a vulnerability in XStream that allows an attacker to cause a denial of service.

• How does CVE-2022-40156 affect IBM Disconnected Log Collector?

  IBM Disconnected Log Collector versions v1.0 to v1.8.2 are affected by CVE-2022-40156.

• What is the severity of CVE-2022-40156?

  CVE-2022-40156 has a high severity rating of 7.

• How can a remote authenticated attacker exploit CVE-2022-40156?

  A remote authenticated attacker can send a specially-crafted XML data to exploit CVE-2022-40156 and cause a denial of service.

• Where can I find more information about CVE-2022-40156?

  You can find more information about CVE-2022-40156 at the following references: [1] [2] [3]