Red Hat: CVE-2025-52999: com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError (Multiple Advisories)

Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published: Jun 25, 2025
Added: Jul 9, 2025
Modified: Aug 21, 2025

Description

jackson-core contains the core low-level incremental ("streaming") parser and generator abstractions used by Jackson Data Processor. In versions prior to 2.15.0, if a user parses an input file that contains deeply nested data, Jackson can throw a StackOverflowError when the nesting depth is particularly large. jackson-core 2.15.0 adds a configurable limit on how deep Jackson will traverse an input document, defaulting to an allowable depth of 1000; jackson-core throws a StreamConstraintsException when the limit is reached. jackson-databind also benefits from this change because it uses jackson-core to parse JSON inputs. As a workaround, users should avoid parsing input files from untrusted sources.

Solutions

no-fix-redhat-rpm-package
redhat-upgrade-apache-commons-collections
redhat-upgrade-apache-commons-lang
redhat-upgrade-apache-commons-net
redhat-upgrade-bea-stax-api
redhat-upgrade-fasterxml-oss-parent
redhat-upgrade-glassfish-fastinfoset
redhat-upgrade-glassfish-jaxb-api
redhat-upgrade-glassfish-jaxb-core
redhat-upgrade-glassfish-jaxb-runtime
redhat-upgrade-glassfish-jaxb-txw2
redhat-upgrade-jackson-annotations
redhat-upgrade-jackson-bom
redhat-upgrade-jackson-core
redhat-upgrade-jackson-databind
redhat-upgrade-jackson-jaxrs-json-provider
redhat-upgrade-jackson-jaxrs-providers
redhat-upgrade-jackson-module-jaxb-annotations
redhat-upgrade-jackson-modules-base
redhat-upgrade-jackson-parent
redhat-upgrade-jakarta-commons-httpclient
redhat-upgrade-javassist
redhat-upgrade-javassist-javadoc
redhat-upgrade-pki-jackson-annotations
redhat-upgrade-pki-jackson-core
redhat-upgrade-pki-jackson-databind
redhat-upgrade-pki-jackson-jaxrs-json-provider
redhat-upgrade-pki-jackson-jaxrs-providers
redhat-upgrade-pki-jackson-module-jaxb-annotations
redhat-upgrade-pki-servlet-engine
redhat-upgrade-relaxngdatatype
redhat-upgrade-slf4j
redhat-upgrade-slf4j-jdk14
redhat-upgrade-stax-ex
redhat-upgrade-velocity
redhat-upgrade-xalan-j2
redhat-upgrade-xerces-j2
redhat-upgrade-xml-commons-apis
redhat-upgrade-xml-commons-resolver
redhat-upgrade-xmlstreambuffer
redhat-upgrade-xsom