Description

XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream when XStream is configured to use the BinaryStreamDriver. XStream 1.4.21 has been patched to detect the manipulation in the binary input stream causing the the stack overflow and raises an InputManipulationException instead. Users are advised to upgrade. Users unable to upgrade may catch the StackOverflowError in the client code calling XStream if XStream is configured to use the BinaryStreamDriver.

INFO

Published Date :

2024-11-07T23:38:52.978Z

Last Modified :

2025-11-03T22:19:56.488Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-47072 vulnerability.

Vendors Products
Redhat
  • Build Keycloak
  • Jboss Data Grid
  • Ocp Tools
X-stream
  • X-stream
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-47072.

URL Resource
https://github.com/x-stream/xstream/commit/bb838ce2269cac47433e31c77b2b236466e9f266 cve-icon cve-icon cve-icon
https://github.com/x-stream/xstream/security/advisories/GHSA-hfq9-hggm-c56q cve-icon cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2024/12/msg00023.html cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-47072 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-47072 cve-icon
https://x-stream.github.io/CVE-2024-47072.html cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact