CVE-2017-7957
remote application crash vulnerability in com.thoughtworks.xstream:xstream
What is CVE-2017-7957 About?
This vulnerability in XStream allows a remote attacker to crash the application by supplying XML that makes XStream try to create an instance of the primitive type 'void' during unmarshalling. The result is a denial of service. Exploitation is straightforward: a single crafted XML document such as '<void/>', passed to an XStream unmarshalling call like fromXML, is enough.
Affected Software
com.thoughtworks.xstream:xstream, all versions through 1.4.9 (fixed in 1.4.10).
Technical Details
The vulnerability resides in XStream versions through 1.4.9, specifically during the unmarshalling process. The input stream carries the type information XStream uses to decide which class to instantiate, and an attacker controls that input. If the stream contains an element whose name resolves to the primitive type 'void', for example '<void/>', and no 'denyTypes' restriction for void.class and Void.class is in place, XStream attempts to create an instance of that primitive type. There is no such thing as an instance of void, and the attempt is not rejected up front: rather than surfacing as a catchable Java exception, it crashes the JVM process and takes the whole application down. The root cause is missing validation in the type instantiation logic, which should never try to instantiate a primitive type during unmarshalling; 1.4.10 rejects such input.
What is the Impact of CVE-2017-7957?
Successful exploitation may allow attackers to cause a denial of service by crashing the remote application, rendering it unavailable to legitimate users.
What is the Exploitability of CVE-2017-7957?
Exploitation has low complexity: it requires only that a single crafted XML document reach an XStream unmarshalling call (fromXML or equivalent) in the application. No authentication or special privileges are needed when the application exposes such an endpoint to unauthenticated users, and the attack works remotely over whatever channel delivers the XML. The main factor increasing the likelihood of exploitation is running XStream 1.4.9 or older without the 'denyTypes' workaround for void.class and Void.class, or without any other restriction (such as an allow list of permitted types) on the types XStream may instantiate during unmarshalling.
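The two mitigations referred to above (the advisory's 'denyTypes' workaround and a general restriction on instantiable types), shown as an added example rather than code from the page or from the XStream project. It assumes an application on XStream 1.4.9 or earlier (the security API it uses has existed since 1.4.7); the `Order` class, the `ORDER_XML` input and the helper names are constructed for this illustration.

```java
// Added example for CVE-2017-7957, not code from the XStream project.
// Two XStream configurations under which the payload "<void/>" is rejected
// with a catchable ForbiddenClassException instead of crashing the JVM.
// Assumes xstream 1.4.7 or later on the classpath; Order, ORDER_XML and the
// helper methods are made up for the example.
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.security.ForbiddenClassException;
import com.thoughtworks.xstream.security.NoTypePermission;
import com.thoughtworks.xstream.security.NullPermission;

public class VoidTypeHardening {

    /** The one type this hypothetical endpoint legitimately receives. */
    public static class Order {
        int id;
        String sku;
    }

    /** Payload from the CVE description: the element name resolves to void.class. */
    static final String VOID_PAYLOAD = "<void/>";

    /** Constructed benign input for the same endpoint. */
    static final String ORDER_XML = "<order><id>42</id><sku>ABC-1</sku></order>";

    /**
     * Minimal workaround from the XStream advisory: keep the default (permissive)
     * configuration but deny the two void types. This stops CVE-2017-7957 and
     * nothing else; every other class on the classpath remains instantiable.
     */
    static XStream denyVoidOnly() {
        XStream xstream = new XStream();
        xstream.alias("order", Order.class);
        xstream.denyTypes(new Class[]{ void.class, Void.class });
        return xstream;
    }

    /**
     * Preferred configuration: start from "nothing is allowed" and allow only the
     * types the endpoint needs. NoTypePermission.NONE clears the default permission
     * set, so "<void/>" (and any other unexpected type) is refused by the security
     * mapper before XStream ever tries to instantiate it.
     */
    static XStream allowListOnly() {
        XStream xstream = new XStream();
        xstream.alias("order", Order.class);
        xstream.addPermission(NoTypePermission.NONE);   // reset: deny everything
        xstream.addPermission(NullPermission.NULL);     // permit <null/> references
        xstream.allowTypes(new Class[]{ Order.class, String.class });
        xstream.denyTypes(new Class[]{ void.class, Void.class }); // explicit, checked first
        return xstream;
    }

    /**
     * True when the configuration rejects the payload with ForbiddenClassException.
     * With neither mitigation, on 1.4.9 and earlier the same fromXML call does not
     * return at all: the JVM crashes.
     */
    static boolean rejectsVoid(XStream xstream) {
        try {
            xstream.fromXML(VOID_PAYLOAD);
            return false;
        } catch (ForbiddenClassException expected) {
            return true;
        }
    }

    public static void main(String[] args) {
        for (XStream xstream : new XStream[]{ denyVoidOnly(), allowListOnly() }) {
            Order order = (Order) xstream.fromXML(ORDER_XML);
            System.out.println("legitimate input ok: id=" + order.id + " sku=" + order.sku);
            System.out.println("<void/> rejected: " + rejectsVoid(xstream));
        }
    }
}
```

Both configurations are a stopgap: the actual fix is upgrading to 1.4.10 or later. The allow-list form is still worth keeping after the upgrade, because it limits what any future type-confusion input can make XStream instantiate, whereas the deny list only covers the two types named in this advisory.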
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for CVE-2017-7957?
Available Upgrade Options
- com.thoughtworks.xstream:xstream
  - <1.4.10 → Upgrade to 1.4.10
Additional Resources
- https://github.com/x-stream/xstream/commit/b3570be2f39234e61f99f9a20640756ea71b1b4
- https://access.redhat.com/errata/RHSA-2017:1832
- https://www-prd-trops.events.ibm.com/node/715749
- https://exchange.xforce.ibmcloud.com/vulnerabilities/125800
- https://github.com/x-stream/xstream/commit/8542d02d9ac5d384c85f4b33d6c1888c53bd55d
- http://www.debian.org/security/2017/dsa-3841
- http://www.securitytracker.com/id/1039499
- https://github.com/x-stream/xstream
- http://x-stream.github.io/CVE-2017-7957.html
What are Similar Vulnerabilities to CVE-2017-7957?
Similar Vulnerabilities: CVE-2013-7285, CVE-2017-18641, CVE-2018-1000104, CVE-2019-1000001, CVE-2020-26217
