ELA-1402-1 libxstream-java security update

denial of service

2025-04-22
Package: libxstream-java
Version: 1.4.11.1-1+deb8u7 (jessie), 1.4.11.1-1+deb10u5 (buster)
Related CVEs: CVE-2024-47072


XStream is a Java library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service, simply by manipulating the processed input stream when XStream is configured to use the BinaryStreamDriver. XStream has been patched to detect the manipulation of the binary input stream that causes the stack overflow and to raise an InputManipulationException instead.
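The following is an added example, not code from the advisory or the XStream project, showing how a consumer of the binary format would be written against the patched behaviour: an explicit type allow-list, and the InputManipulationException caught and rejected as hostile input. It assumes the upstream XStream 1.4.x API (XStream, BinaryStreamDriver, setupDefaultSecurity, allowTypes) and that the exception lives in com.thoughtworks.xstream.security and extends XStreamException, as it does upstream; the Order class and readOrder method are hypothetical.

```java
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.XStreamException;
import com.thoughtworks.xstream.io.binary.BinaryStreamDriver;
import com.thoughtworks.xstream.security.InputManipulationException;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.InputStream;

public class BinaryDeserializer {
    // Hypothetical application type that the service is allowed to deserialize.
    public static class Order {
        public String id;
        public int quantity;
    }

    // XStream configured for the binary format the advisory refers to, with a
    // deny-by-default security baseline and an explicit allow-list of types.
    static XStream newBinaryXStream() {
        XStream xstream = new XStream(new BinaryStreamDriver());
        XStream.setupDefaultSecurity(xstream);
        xstream.allowTypes(new Class[] { Order.class });
        return xstream;
    }

    // Deserialize untrusted binary input. On an unpatched library a manipulated
    // stream ends in a StackOverflowError, which is an Error, not an Exception,
    // so a catch (Exception) block never sees it and the thread dies. With the
    // patched library the same input raises InputManipulationException, which
    // can be caught, logged for detection and rejected like any other bad input.
    static Order readOrder(InputStream untrusted) {
        XStream xstream = newBinaryXStream();
        try {
            return (Order) xstream.fromXML(untrusted);
        } catch (InputManipulationException e) {
            throw new IllegalArgumentException("rejected manipulated XStream binary stream", e);
        } catch (XStreamException e) {
            // Forbidden type, malformed stream or any other XStream failure: reject as well.
            throw new IllegalArgumentException("rejected XStream binary input", e);
        }
    }

    public static void main(String[] args) {
        // Constructed sample: a legitimate object serialized with the same driver.
        Order o = new Order();
        o.id = "A-1";
        o.quantity = 3;
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        newBinaryXStream().toXML(o, buf);
        Order back = readOrder(new ByteArrayInputStream(buf.toByteArray()));
        System.out.println(back.id + " x" + back.quantity);
    }
}
```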



For Debian 10 buster, these problems have been fixed in version 1.4.11.1-1+deb10u5.

For Debian 8 jessie, these problems have been fixed in version 1.4.11.1-1+deb8u7.

We recommend that you upgrade your libxstream-java packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.