What is CVE-2022-45693?

CVE-2022-45693 is a vulnerability in Jettison that allows a remote attacker to cause a denial of service through a stack-based buffer overflow.

How does CVE-2022-45693 impact Jettison?

CVE-2022-45693 can lead to a denial of service in Jettison by exploiting a stack-based buffer overflow vulnerability.

What is the severity level of CVE-2022-45693?

CVE-2022-45693 has a severity level of high.

Which versions of Jettison are affected by CVE-2022-45693?

Versions 1.5.2 and below of Jettison are affected by CVE-2022-45693.

How can I fix CVE-2022-45693?

To fix CVE-2022-45693, update Jettison to a version higher than 1.5.2.

Vulnerability/
CVE-2022-45693

high

7.5

CWE

119 787

13/12/2022

3/8/2024

CVE-2022-45693: Buffer Overflow

First published: Tue Dec 13 2022(Updated: )

Jettison is vulnerable to a denial of service, caused by a stack-based buffer overflow. By sending a specially-crafted request using the map parameter, a remote attacker could exploit this vulnerability to cause a denial of service.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
IBM Sterling Secure Proxy	<=6.0.3
IBM Sterling Secure Proxy	<=6.1.0
Jettison Project Jettison	<1.5.2
Debian Debian Linux	=10.0
Debian Debian Linux	=11.0
redhat/jenkins	<2-plugins-0:4.12.1686649756-1.el8	2-plugins-0:4.12.1686649756-1.el8
redhat/eap7-jettison	<0:1.5.2-1.redhat_00002.1.el8ea	0:1.5.2-1.redhat_00002.1.el8ea
redhat/eap7-jettison	<0:1.5.2-1.redhat_00002.1.el9ea	0:1.5.2-1.redhat_00002.1.el9ea
redhat/eap7-jettison	<0:1.5.2-1.redhat_00002.1.el7ea	0:1.5.2-1.redhat_00002.1.el7ea
redhat/rh-sso7-keycloak	<0:18.0.6-1.redhat_00001.1.el7	0:18.0.6-1.redhat_00001.1.el7
redhat/rh-sso7-keycloak	<0:18.0.6-1.redhat_00001.1.el8	0:18.0.6-1.redhat_00001.1.el8
redhat/rh-sso7-keycloak	<0:18.0.6-1.redhat_00001.1.el9	0:18.0.6-1.redhat_00001.1.el9
debian/libjettison-java	<=1.4.0-1	1.5.3-1~deb10u1 1.5.3-1~deb11u1 1.5.3-1 1.5.4-1

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

What is CVE-2022-45693?
CVE-2022-45693 is a vulnerability in Jettison that allows a remote attacker to cause a denial of service through a stack-based buffer overflow.
How does CVE-2022-45693 impact Jettison?
CVE-2022-45693 can lead to a denial of service in Jettison by exploiting a stack-based buffer overflow vulnerability.
What is the severity level of CVE-2022-45693?
CVE-2022-45693 has a severity level of high.
Which versions of Jettison are affected by CVE-2022-45693?
Versions 1.5.2 and below of Jettison are affected by CVE-2022-45693.
How can I fix CVE-2022-45693?
To fix CVE-2022-45693, update Jettison to a version higher than 1.5.2.

collector/redhat-cve
collector/security-tracker-debian
collector/nvd-index
agent/type
agent/first-publish-date
agent/softwarecombine
agent/author
agent/severity
agent/weakness
agent/description
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2022-45693
agent/software-canonical-lookup
agent/references
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/tags
agent/event
collector/ibm-support
source/IBM
package-manager/redhat
package-manager/debian
vendor/jettison project
canonical/jettison project jettison
vendor/debian
canonical/debian debian linux
version/debian debian linux/10.0
version/debian debian linux/11.0
vendor/ibm
canonical/ibm sterling secure proxy
version/ibm sterling secure proxy/6.0.3
version/ibm sterling secure proxy/6.1.0