1. Summary

Vulnerability Name: XStream Denial of Service Vulnerability (CVE-2022-41966)
Release Date: December 29, 2022
Component Name: XStream
Affected Versions: XStream < 1.4.20
Vulnerability Type: Denial of Service Vulnerability
Severity: CVSS v3 Base Score: 7.5 (High)
Exploitability:
  Attack Vector: Network
  Attack Complexity: Low
  Privileges Required: None
  User Interaction: None
Impact:
  Confidentiality Impact: None
  Integrity Impact: None
  Availability Impact: High

2. About CVE-2022-41966

2.1 Introduction

XStream is a Java library used to serialize objects to XML or JSON, or deserialize them into objects. XStream is free software, distributed under a BSD license.

2.2 Summary

On Dec 29, 2022, Sangfor FarSight Labs received a notice about a denial of service vulnerability in XStream (CVE-2022-41966), classified as High severity with a CVSS score of 7.5 (NVD).

This vulnerability is caused by XStream not effectively validating the input data it deserializes. An attacker can craft the serialized input so that it contains a malicious object whose hashcode XStream calculates recursively while reconstructing it; the recursion overflows the stack and terminates the application, resulting in a denial of service. The issue is fixed in version 1.4.20, which handles the stack overflow and raises an InputManipulationException instead.
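As an added example (not code from this advisory or from the XStream project), a defensive wrapper around fromXML() that restricts the types XStream may instantiate and handles the patched behaviour of 1.4.20 (InputManipulationException) alongside the pre-patch symptom (StackOverflowError). The permission classes are XStream's public security API; MAX_INPUT_CHARS, SafeXStreamReader and the Order type are assumptions made for the example.

```java
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.security.InputManipulationException;
import com.thoughtworks.xstream.security.NoTypePermission;
import com.thoughtworks.xstream.security.NullPermission;
import com.thoughtworks.xstream.security.PrimitiveTypePermission;

/** Deserializes untrusted XML through an allowlisted XStream instance. */
public class SafeXStreamReader {
    // Assumed size limit for untrusted input; tune per deployment.
    private static final int MAX_INPUT_CHARS = 64 * 1024;
    private final XStream xstream = new XStream();

    public SafeXStreamReader(Class<?>... allowedTypes) {
        // XStream's documented allowlist pattern: clear all permissions, then
        // re-admit only null, primitives and the explicitly listed types.
        xstream.addPermission(NoTypePermission.NONE);
        xstream.addPermission(NullPermission.NULL);
        xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
        xstream.allowTypes(allowedTypes);
    }

    /** Returns the deserialized object, or null when the input is rejected. */
    public Object read(String untrustedXml) {
        if (untrustedXml == null || untrustedXml.length() > MAX_INPUT_CHARS) {
            return null; // refuse oversized payloads before parsing starts
        }
        try {
            return xstream.fromXML(untrustedXml);
        } catch (InputManipulationException e) {
            // XStream 1.4.20+: the recursive hashcode stack overflow is
            // reported as this exception instead of killing the thread.
            return null;
        } catch (StackOverflowError e) {
            // Hosts still on < 1.4.20: contain the error so one request
            // cannot take down the worker thread that called fromXML().
            return null;
        }
    }

    // Assumed application type, used to show a normal permitted round trip.
    public static class Order { public int id; public String sku; }

    public static void main(String[] args) {
        SafeXStreamReader reader = new SafeXStreamReader(Order.class);
        Order sample = new Order(); sample.id = 7; sample.sku = "A-1";
        String xml = reader.xstream.toXML(sample); // constructed benign input
        Order back = (Order) reader.read(xml);
        System.out.println(back == null ? "rejected" : "order " + back.id + " " + back.sku);
    }
}
```

Types outside the allowlist are refused by XStream before conversion, so the caller only ever receives instances of the classes it registered.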

3. Affected Versions

XStream < 1.4.20

4. Solutions

4.1 Remediation Solutions

4.1.1 Official Solution

XStream has released a patch for affected versions to fix this vulnerability. Please download the patch corresponding to the affected version from the following link: https://x-stream.github.io/download.html

4.2 Sangfor Solutions

4.2.1 Security Monitoring

The following Sangfor products and services perform real-time monitoring of assets affected by the XStream denial of service vulnerability (CVE-2022-41966):

4.2.2 Security Protection

The following Sangfor products and services provide protection against the XStream denial of service vulnerability (CVE-2022-41966):

5. Timeline

On Dec 29, 2022, Sangfor FarSight Labs received a notice about the XStream denial of service vulnerability (CVE-2022-41966). 

On Dec 29, 2022, Sangfor FarSight Labs released a vulnerability alert with remediation solutions.

6. Reference

https://x-stream.github.io/CVE-2022-41966.html

https://nvd.nist.gov/vuln/detail/CVE-2022-41966

7. Learn More

Sangfor FarSight Labs researches the latest cyberthreats and unknown zero-day vulnerabilities, alerting customers to potential dangers to their organizations, and providing real-time solutions with actionable intelligence. Sangfor FarSight Labs works with other security vendors and the security community at large to identify and verify global cyberthreats, providing fast and easy protection for customers.
