CVE-2022-45693: 
Java vulnerability analysis and mitigation

Jettison before version 1.5.2 contains a stack overflow vulnerability (CVE-2022-45693) that was discovered in December 2022. The vulnerability exists in the map parameter functionality, where if a map contains a self-reference, it can trigger a StackOverflowError (NVD, Ubuntu).

The vulnerability occurs when creating a new JSONObject from a map where the map contains a self-reference as a value. This recursive reference triggers a stack overflow condition during object creation. The vulnerability has been assigned a CVSS 3.1 base score of 7.5 (High), with attack vector being Network, attack complexity Low, and requiring no privileges or user interaction (Ubuntu).

When successfully exploited, this vulnerability allows attackers to cause a Denial of Service (DoS) condition via a crafted string. The impact primarily affects the availability of the system, with no direct effect on confidentiality or integrity (NVD, Ubuntu).

The vulnerability has been fixed in Jettison version 1.5.2. Various Linux distributions have released security updates to address this vulnerability, including Ubuntu (versions 22.10, 22.04 LTS, 20.04 LTS, and others) and Debian (version 1.5.3-1). Users are recommended to upgrade to the patched versions (Ubuntu, Debian).