CVE-2022-25647 Report - Details, Severity, & Advisories

Twingate Team

May 31, 2024

What is CVE-2022-25647?

CVE-2022-25647 is a high-severity vulnerability affecting the package com.google.code.gson:gson before version 2.8.9. This vulnerability is related to the deserialization of untrusted data via the writeReplace method in internal classes, which may lead to denial of service (DoS) attacks.

Who is impacted by CVE-2022-25647?

Applications and services that use com.google.code.gson:gson before version 2.8.9 and deserialize untrusted data with it are exposed to denial of service (DoS) attacks. Users of Debian 9 stretch systems with the libgoogle-gson-java package installed are also at risk.

What should I do if I’m affected?

If you're affected by the CVE-2022-25647 vulnerability, it's important to take action to protect your systems. To mitigate this vulnerability, follow these steps:

  1. Upgrade the com.google.code.gson:gson package to version 2.8.9 or later.

  2. For Debian 9 stretch users, update the libgoogle-gson-java package to version 2.4-1+deb9u1, as mentioned in the Debian security update.
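As an added example that is not part of this report, the following Python check scans `mvn dependency:list` output for gson versions below the fixed 2.8.9 release, comparing versions numerically rather than as strings. The `groupId:artifactId:type:version:scope` line format and the sample lines are assumptions constructed for the example.

```python
"""Check Maven dependency-list output for gson versions affected by
CVE-2022-25647 (fixed in com.google.code.gson:gson 2.8.9)."""

# Release 2.8.9 is the first fixed version named in the advisory.
FIXED_VERSION = (2, 8, 9, 1)
GSON_PREFIX = "com.google.code.gson:gson:"

# Constructed sample of `mvn dependency:list` output (assumed format:
# groupId:artifactId:type:version:scope); not taken from any real build.
SAMPLE_DEPENDENCY_LIST = [
    "[INFO]    com.google.code.gson:gson:jar:2.8.6:compile",
    "[INFO]    com.google.code.gson:gson:jar:2.10.1:compile",
    "[INFO]    com.google.code.gson:gson:jar:2.8.9-SNAPSHOT:test",
    "[INFO]    org.example:other-lib:jar:1.2.3:compile",
]


def parse_version(version: str) -> tuple:
    """Map '2.8.6', '2.10.1' or '2.8.9-SNAPSHOT' to a comparable tuple.

    Numeric comparison matters: as strings, '2.10.1' < '2.8.9', which would
    flag a patched build as vulnerable. A qualifier such as -SNAPSHOT sorts
    below the final release, so 2.8.9-SNAPSHOT still counts as affected,
    which is the conservative choice for a security check.
    """
    core, _, qualifier = version.partition("-")
    parts = [int(p) if p.isdigit() else 0 for p in core.split(".")]
    parts = (parts + [0, 0, 0])[:3]
    return tuple(parts) + ((0,) if qualifier else (1,))


def is_affected(version: str) -> bool:
    """True when the gson version is below the fixed release 2.8.9."""
    return parse_version(version) < FIXED_VERSION


def find_vulnerable_gson(dependency_lines) -> list:
    """Return (groupId:artifactId, version) for gson entries below 2.8.9."""
    hits = []
    for raw in dependency_lines:
        line = raw.strip()
        if line.startswith("[INFO]"):
            line = line[len("[INFO]"):].strip()
        if not line.startswith(GSON_PREFIX):
            continue
        fields = line.split(":")  # groupId, artifactId, type, version, scope
        if len(fields) >= 4 and is_affected(fields[3]):
            hits.append((":".join(fields[:2]), fields[3]))
    return hits


if __name__ == "__main__":
    for coordinate, version in find_vulnerable_gson(SAMPLE_DEPENDENCY_LIST):
        print(f"{coordinate} {version}: affected by CVE-2022-25647, upgrade to 2.8.9+")
```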

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2022-25647 vulnerability, known as "Deserialization of Untrusted Data in com.google.code.gson:gson," is not listed in CISA's Known Exploited Vulnerabilities Catalog.

Weakness Enumeration

The weakness enumeration for this vulnerability is categorized as CWE-502, which involves deserialization of untrusted data.

Learn More

For a comprehensive understanding of its description, severity, technical details, and known affected software configurations, refer to the NVD page or the sources listed below.
