Name | CVE-2020-28491 |
Description | This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception. |
Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
Debian Bugs | 983664 |
Vulnerable and fixed packages
The table below lists information on source packages.
The information below is based on the following data on fixed versions.
Notes
[bookworm] - jackson-dataformat-cbor <ignored> (Minor issue)
[bullseye] - jackson-dataformat-cbor <no-dsa> (Minor issue)
[buster] - jackson-dataformat-cbor <no-dsa> (Minor issue)
[stretch] - jackson-dataformat-cbor <no-dsa> (Minor issue; https://people.debian.org/~abhijith/CVE-2020-28491.txt)
https://github.com/FasterXML/jackson-dataformats-binary/commit/de072d314af8f5f269c8abec6930652af67bc8e6
https://github.com/FasterXML/jackson-dataformats-binary/issues/186