CVE-2022-45685: 
Java vulnerability analysis and mitigation

A stack overflow vulnerability was discovered in Jettison before version 1.5.2 (CVE-2022-45685), which was disclosed on December 13, 2022. The vulnerability affects the Jettison library, a collection of StAX parsers and writers for JSON. This security flaw allows attackers to cause a Denial of Service (DoS) through crafted JSON data (NVD, CVE).

The vulnerability is classified with a CVSS v3.1 Base Score of 7.5 (High), with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The technical nature of the vulnerability is a stack overflow condition that can be triggered by processing specially crafted JSON input. The vulnerability is categorized as CWE-787 (Out-of-bounds Write) (NVD).

When successfully exploited, this vulnerability can lead to a Denial of Service (DoS) condition, affecting the availability of systems using the vulnerable Jettison library. The impact is particularly concerning as it requires no privileges or user interaction to exploit, and can be triggered remotely (NVD).

The vulnerability has been fixed in Jettison version 1.5.2 and later. Various Linux distributions have also released security updates to address this vulnerability. Debian has released fixes in version 1.5.3-1~deb11u1 for bullseye and 1.5.3-1~deb10u1 for buster. Ubuntu has provided fixes across multiple releases including version 1.4.1-1ubuntu0.22.04.1 for Ubuntu 22.04 LTS (Debian Security, Ubuntu Security).