Vulnerability/
CVE-2022-45685

CVE-2022-45685: Buffer Overflow

Published Dec 13, 2022

·

Updated

A stack overflow in Jettison before v1.5.2 allows attackers to cause a Denial of Service (DoS) via crafted JSON data.

Other sources

Jettison is vulnerable to a denial of service, caused by a stack-based buffer overflow. By sending an overly long string using JSON data, a remote attacker could exploit this vulnerability to cause a denial of service.

— IBM

Affected Software

11 affected componentsFixes available

debian/libjettison-java<=1.4.0-1

1.5.3-1~deb10u11.5.3-1~deb11u11.5.3-11.5.4-1

IBM Data Virtualization on Cloud Pak for Data<=3.0

IBM Watson Query on Cloud Pak for Data<=2.2

IBM Watson Query on Cloud Pak for Data<=2.1

IBM Watson Query on Cloud Pak for Data<=2.0

IBM Data Virtualization on Cloud Pak for Data<=1.8

IBM Data Virtualization on Cloud Pak for Data<=1.7

redhat/jettison<1.5.2

1.5.2

Jettison Project Jettison<1.5.2

Debian Debian Linux=10.0

Debian Debian Linux=11.0

Event History

Dec 13, 2022

CVE Published

via MITRE·12:00 AM

Data Sourced

via MITRE·12:00 AM

Description

Jun 13, 2023

Data Sourced

via Red Hat·06:24 PM

DescriptionSeverityAffected Software

Aug 15, 2025

Data Sourced

via IBM·03:29 PM

DescriptionAffected Software

Parent advisories

This vulnerability appears in the following advisories.

IBM-7183851

CVSS Score

7.5High

High Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Security Metrics

Risk Score46

Severityhigh(7.5)

CWE

119787

Timeline

PublishedDec 13, 2022

Updated

References

Tags

collector/security-tracker-debianagent/typeagent/weaknessagent/first-publish-dateagent/authoragent/trendingagent/sourceagent/referencesagent/severitycollector/nvd-indexagent/software-canonical-lookup-requestcollector/mitre-cvesource/MITREcollector/nvd-apisource/NVDagent/software-canonical-lookupagent/softwarecombinecollector/ibm-supportsource/IBMagent/descriptionagent/eventagent/risk-scoreagent/tagscollector/redhat-bugzillasource/Red Hatalias/CVE-2022-45685agent/last-modified-datepackage-manager/debianvendor/ibmcanonical/ibm data virtualization on cloud pak for dataversion/ibm data virtualization on cloud pak for data/3.0canonical/ibm watson query on cloud pak for dataversion/ibm watson query on cloud pak for data/2.2version/ibm watson query on cloud pak for data/2.1version/ibm watson query on cloud pak for data/2.0version/ibm data virtualization on cloud pak for data/1.8version/ibm data virtualization on cloud pak for data/1.7package-manager/redhatvendor/jettison projectcanonical/jettison project jettisonvendor/debiancanonical/debian debian linuxversion/debian debian linux/10.0version/debian debian linux/11.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203