Home > Vulnerability Database > CVE-2020-36518

Mend.io Vulnerability Database

CVE-2020-36518

Good to know:

Date: March 10, 2022

jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects. After conducting further research, Mend has determined that all versions of com.fasterxml.jackson.core:jackson-databind up to version 2.13.2 are vulnerable to CVE-2020-36518.

Language: Java

Severity Score

7.5

Related Resources (20)

Url: https://security-tracker.debian.org/tracker/CVE-2020-36518

Url: https://github.com/FasterXML/jackson-databind/issues/2816

Url: https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html

Url: https://security.netapp.com/advisory/ntap-20220506-0004

Url: https://github.com/FasterXML/jackson-databind/commit/3cc52f82ecf943e06c1d7c3b078e405fb3923d2b

Url: https://github.com/FasterXML/jackson-databind/commit/b3587924ee5d8695942f364d0d404d48d0ea6126

Url: https://github.com/FasterXML/jackson-databind

Url: https://lists.debian.org/debian-lts-announce/2022/05/msg00001.html

Url: https://github.com/FasterXML/jackson-databind/commit/fcfc4998ec23f0b1f7f8a9521c2b317b6c25892b

Url: https://github.com/FasterXML/jackson-databind/commit/0a8157c6ca478b1bc7be4ba7dccdb3863275f0de

Url: https://github.com/FasterXML/jackson-databind/commit/8238ab41d0350fb915797c89d46777b4496b74fd

Url: https://nvd.nist.gov/vuln/detail/CVE-2020-36518

Url: https://security.netapp.com/advisory/ntap-20220506-0004/

Url: https://www.oracle.com/security-alerts/cpuapr2022.html

Url: https://www.debian.org/security/2022/dsa-5283

Url: https://www.oracle.com/security-alerts/cpujul2022.html

Url: https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.13

Url: https://access.redhat.com/security/cve/CVE-2020-36518

Url: https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.12

Url: https://www.mend.io/vulnerability-database/CVE-2020-36518

Severity Score

7.5

Weakness Type (CWE)

Out-of-bounds Write

CWE-787

Top Fix

Upgrade Version

Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.13.2.1;com.fasterxml.jackson.core:jackson-databind:2.12.6.1

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2020-36518

Good to know:

Date: March 10, 2022

Language: Java

Severity Score

Related Resources (20)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?