CVE-2020-36518

jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:oracle:big_data_spatial_and_graph:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:commerce_platform:11.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:commerce_platform:11.3.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:commerce_platform:11.3.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_billing_and_revenue_management:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_enterprise_case_management:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.7.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.7.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.8.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.8.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering:8.0.7:*:*:*:enterprise:*:*:*
cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering:8.0.8:*:*:*:enterprise:*:*:*
cpe:2.3:a:oracle:global_lifecycle_management_nextgen_oui_framework:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:global_lifecycle_management_nextgen_oui_framework:13.9.4.2.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:graph_server_and_client:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:health_sciences_empirica_signal:9.1.0.5.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:18.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_sales_audit:15.0.3.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:sd-wan_edge:9.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:spatial_studio:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:utilities_framework:4.3.0.5.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:utilities_framework:4.3.0.6.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:utilities_framework:4.4.0.5.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*

History

29 Nov 2022, 22:12

Type Values Removed Values Added
References (MLIST) https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html - (MLIST) https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html - Mailing List, Third Party Advisory
CPE cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

27 Nov 2022, 22:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html -

21 Nov 2022, 18:17

Type Values Removed Values Added
CPE cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
References (DEBIAN) https://www.debian.org/security/2022/dsa-5283 - (DEBIAN) https://www.debian.org/security/2022/dsa-5283 - Third Party Advisory

17 Nov 2022, 21:15

Type Values Removed Values Added
References
  • (DEBIAN) https://www.debian.org/security/2022/dsa-5283 -

05 Oct 2022, 19:23

Type Values Removed Values Added
References (N/A) https://www.oracle.com/security-alerts/cpujul2022.html - (N/A) https://www.oracle.com/security-alerts/cpujul2022.html - Third Party Advisory
References (CONFIRM) https://security.netapp.com/advisory/ntap-20220506-0004/ - (CONFIRM) https://security.netapp.com/advisory/ntap-20220506-0004/ - Third Party Advisory
References (MLIST) https://lists.debian.org/debian-lts-announce/2022/05/msg00001.html - (MLIST) https://lists.debian.org/debian-lts-announce/2022/05/msg00001.html - Exploit, Mailing List, Third Party Advisory
First Time Oracle financial Services Enterprise Case Management
Oracle utilities Framework
Oracle financial Services Behavior Detection Platform
Oracle sd-wan Edge
Oracle communications Cloud Native Core Network Repository Function
Oracle communications Cloud Native Core Binding Support Function
Netapp active Iq Unified Manager
Oracle primavera P6 Enterprise Project Portfolio Management
Debian debian Linux
Oracle primavera Gateway
Oracle financial Services Crime And Compliance Management Studio
Oracle health Sciences Empirica Signal
Oracle graph Server And Client
Oracle communications Cloud Native Core Unified Data Repository
Oracle communications Cloud Native Core Security Edge Protection Proxy
Oracle global Lifecycle Management Nextgen Oui Framework
Oracle big Data Spatial And Graph
Netapp snap Creator Framework
Oracle financial Services Analytical Applications Infrastructure
Debian
Netapp cloud Insights Acquisition Unit
Oracle commerce Platform
Netapp oncommand Workflow Automation
Oracle communications Cloud Native Core Service Communication Proxy
Netapp oncommand Insight
Oracle primavera Unifier
Oracle spatial Studio
Oracle coherence
Oracle global Lifecycle Management Opatch
Oracle retail Sales Audit
Oracle communications Billing And Revenue Management
Oracle weblogic Server
Netapp
Oracle peoplesoft Enterprise Peopletools
Oracle communications Cloud Native Core Network Slice Selection Function
Oracle financial Services Trade-based Anti Money Laundering
CPE cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:18.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:utilities_framework:4.4.0.5.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_enterprise_case_management:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:commerce_platform:11.3.1:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.7.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:utilities_framework:4.3.0.5.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:big_data_spatial_and_graph:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:spatial_studio:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:graph_server_and_client:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:global_lifecycle_management_nextgen_oui_framework:13.9.4.2.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:global_lifecycle_management_nextgen_oui_framework:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:commerce_platform:11.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_billing_and_revenue_management:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:oracle:commerce_platform:11.3.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.8.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_sales_audit:15.0.3.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:health_sciences_empirica_signal:9.1.0.5.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:utilities_framework:4.3.0.6.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering:8.0.7:*:*:*:enterprise:*:*:*
cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.7.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.8.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*
cpe:2.3:a:oracle:sd-wan_edge:9.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering:8.0.8:*:*:*:enterprise:*:*:*
cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*

25 Jul 2022, 18:15

Type Values Removed Values Added
References
  • (N/A) https://www.oracle.com/security-alerts/cpujul2022.html -

06 May 2022, 14:15

Type Values Removed Values Added
References
  • (CONFIRM) https://security.netapp.com/advisory/ntap-20220506-0004/ -

02 May 2022, 22:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.debian.org/debian-lts-announce/2022/05/msg00001.html -

27 Apr 2022, 19:28

Type Values Removed Values Added
References (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html - (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html - Third Party Advisory
First Time Oracle
Oracle communications Cloud Native Core Console
CPE cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*

20 Apr 2022, 00:15

Type Values Removed Values Added
References
  • (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html -

18 Mar 2022, 19:52

Type Values Removed Values Added
References (MISC) https://github.com/FasterXML/jackson-databind/issues/2816 - (MISC) https://github.com/FasterXML/jackson-databind/issues/2816 - Issue Tracking, Third Party Advisory
CVSS v2 : unknown
v3 : unknown
v2 : 5.0
v3 : 7.5
CWE CWE-787
First Time Fasterxml jackson-databind
Fasterxml
CPE cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*

11 Mar 2022, 07:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-03-11 07:15

Updated : 2023-12-10 14:22


NVD link : CVE-2020-36518

Mitre link : CVE-2020-36518

CVE.ORG link : CVE-2020-36518


JSON object : View

Products Affected

oracle

  • graph_server_and_client
  • financial_services_behavior_detection_platform
  • global_lifecycle_management_opatch
  • spatial_studio
  • financial_services_analytical_applications_infrastructure
  • sd-wan_edge
  • coherence
  • primavera_p6_enterprise_project_portfolio_management
  • communications_cloud_native_core_security_edge_protection_proxy
  • health_sciences_empirica_signal
  • global_lifecycle_management_nextgen_oui_framework
  • primavera_unifier
  • communications_cloud_native_core_binding_support_function
  • financial_services_enterprise_case_management
  • primavera_gateway
  • commerce_platform
  • communications_cloud_native_core_console
  • communications_cloud_native_core_network_slice_selection_function
  • utilities_framework
  • peoplesoft_enterprise_peopletools
  • big_data_spatial_and_graph
  • financial_services_crime_and_compliance_management_studio
  • communications_cloud_native_core_network_repository_function
  • communications_billing_and_revenue_management
  • financial_services_trade-based_anti_money_laundering
  • retail_sales_audit
  • weblogic_server
  • communications_cloud_native_core_unified_data_repository
  • communications_cloud_native_core_service_communication_proxy

netapp

  • snap_creator_framework
  • cloud_insights_acquisition_unit
  • oncommand_workflow_automation
  • oncommand_insight
  • active_iq_unified_manager

debian

  • debian_linux

fasterxml

  • jackson-databind
CWE
CWE-787

Out-of-bounds Write