{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-3588", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-04-14T12:38:05.043Z", "datePublished": "2025-04-14T20:31:04.933Z", "dateUpdated": "2025-04-14T20:51:21.686Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-04-14T20:31:04.933Z"}, "title": "joelittlejohn jsonschema2pojo JSON File SchemaRule.java apply stack-based overflow", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-121", "lang": "en", "description": "Stack-based Buffer Overflow"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "Memory Corruption"}]}], "affected": [{"vendor": "joelittlejohn", "product": "jsonschema2pojo", "versions": [{"version": "1.2.2", "status": "affected"}], "modules": ["JSON File Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as problematic, has been found in joelittlejohn jsonschema2pojo 1.2.2. This issue affects the function apply of the file org/jsonschema2pojo/rules/SchemaRule.java of the component JSON File Handler. The manipulation leads to stack-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "Eine Schwachstelle wurde in joelittlejohn jsonschema2pojo 1.2.2 entdeckt. Sie wurde als problematisch eingestuft. Betroffen davon ist die Funktion apply der Datei org/jsonschema2pojo/rules/SchemaRule.java der Komponente JSON File Handler. Durch das Beeinflussen mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden muss der Angriff lokal. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4.3, "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P"}}], "timeline": [{"time": "2025-04-14T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-04-14T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-04-14T14:43:11.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "kar3nk (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.304643", "name": "VDB-304643 | joelittlejohn jsonschema2pojo JSON File SchemaRule.java apply stack-based overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.304643", "name": "VDB-304643 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.550136", "name": "Submit #550136 | https://github.com/joelittlejohn/ https://github.com/joelittlejohn/jsonschema2pojo/ 1.2.2 Denial of Service", "tags": ["third-party-advisory"]}, {"url": "https://github.com/joelittlejohn/jsonschema2pojo/issues/1672", "tags": ["issue-tracking"]}, {"url": "https://github.com/joelittlejohn/jsonschema2pojo/issues/1672#issue-2968446816", "tags": ["exploit", "issue-tracking"]}]}, "adp": [{"references": [{"url": "https://github.com/joelittlejohn/jsonschema2pojo/issues/1672#issue-2968446816", "tags": ["exploit"]}, {"url": "https://github.com/joelittlejohn/jsonschema2pojo/issues/1672", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-14T20:51:17.506772Z", "id": "CVE-2025-3588", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-14T20:51:21.686Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-3588", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-04-14T12:38:05.043Z", "datePublished": "2025-04-14T20:31:04.933Z", "dateUpdated": "2025-04-14T20:51:21.686Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-04-14T20:31:04.933Z"}, "title": "joelittlejohn jsonschema2pojo JSON File SchemaRule.java apply stack-based overflow", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-121", "lang": "en", "description": "Stack-based Buffer Overflow"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "Memory Corruption"}]}], "affected": [{"vendor": "joelittlejohn", "product": "jsonschema2pojo", "versions": [{"version": "1.2.2", "status": "affected"}], "modules": ["JSON File Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as problematic, has been found in joelittlejohn jsonschema2pojo 1.2.2. This issue affects the function apply of the file org/jsonschema2pojo/rules/SchemaRule.java of the component JSON File Handler. The manipulation leads to stack-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "Eine Schwachstelle wurde in joelittlejohn jsonschema2pojo 1.2.2 entdeckt. Sie wurde als problematisch eingestuft. Betroffen davon ist die Funktion apply der Datei org/jsonschema2pojo/rules/SchemaRule.java der Komponente JSON File Handler. Durch das Beeinflussen mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden muss der Angriff lokal. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4.3, "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P"}}], "timeline": [{"time": "2025-04-14T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-04-14T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-04-14T14:43:11.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "kar3nk (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.304643", "name": "VDB-304643 | joelittlejohn jsonschema2pojo JSON File SchemaRule.java apply stack-based overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.304643", "name": "VDB-304643 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.550136", "name": "Submit #550136 | https://github.com/joelittlejohn/ https://github.com/joelittlejohn/jsonschema2pojo/ 1.2.2 Denial of Service", "tags": ["third-party-advisory"]}, {"url": "https://github.com/joelittlejohn/jsonschema2pojo/issues/1672", "tags": ["issue-tracking"]}, {"url": "https://github.com/joelittlejohn/jsonschema2pojo/issues/1672#issue-2968446816", "tags": ["exploit", "issue-tracking"]}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-3588", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-14T20:51:17.506772Z"}}}], "references": [{"url": "https://github.com/joelittlejohn/jsonschema2pojo/issues/1672#issue-2968446816", "tags": ["exploit"]}, {"url": "https://github.com/joelittlejohn/jsonschema2pojo/issues/1672", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-14T20:51:12.800Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as problematic, has been found in joelittlejohn jsonschema2pojo 1.2.2. This issue affects the function apply of the file org/jsonschema2pojo/rules/SchemaRule.java of the component JSON File Handler. The manipulation leads to stack-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad clasificada como problem\u00e1tica en joelittlejohn jsonschema2pojo 1.2.2. Este problema afecta la funci\u00f3n \"app\" del archivo org/jsonschema2pojo/rules/SchemaRule.java del componente \"JSON File Handler\". La manipulaci\u00f3n provoca un desbordamiento de b\u00fafer en la pila. Es necesario realizar ataques locales. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta divulgaci\u00f3n, pero no respondi\u00f3."}], "id": "CVE-2025-3588", "lastModified": "2025-04-15T18:39:27.967", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2025-04-14T21:15:18.343", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/joelittlejohn/jsonschema2pojo/issues/1672"}, {"source": "cna@vuldb.com", "url": "https://github.com/joelittlejohn/jsonschema2pojo/issues/1672#issue-2968446816"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.304643"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.304643"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.550136"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://github.com/joelittlejohn/jsonschema2pojo/issues/1672"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://github.com/joelittlejohn/jsonschema2pojo/issues/1672#issue-2968446816"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-121"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{"bugzilla": {"description": "jsonschema2pojo: joelittlejohn jsonschema2pojo JSON File SchemaRule.java apply stack-based overflow", "id": "2359604", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359604"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "status": "draft"}, "cwe": "(CWE-119|CWE-121)", "details": ["A vulnerability, which was classified as problematic, has been found in joelittlejohn jsonschema2pojo 1.2.2. This issue affects the function apply of the file org/jsonschema2pojo/rules/SchemaRule.java of the component JSON File Handler. The manipulation leads to stack-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", "A flaw was found in jsonschema2pojo, specifically in the apply function within SchemaRule.java. The issue leads to a stack-based buffer overflow, requiring local system access for exploitation."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-3588", "package_state": [{"cpe": "cpe:/a:redhat:service_registry:2", "fix_state": "Fix deferred", "package_name": "jsonschema2pojo-core", "product_name": "Red Hat build of Apicurio Registry 2"}, {"cpe": "cpe:/a:redhat:apicurio_registry:3", "fix_state": "Fix deferred", "package_name": "jsonschema2pojo-core", "product_name": "Red Hat build of Apicurio Registry 3"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Fix deferred", "package_name": "jsonschema2pojo-core", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Fix deferred", "package_name": "jsonschema2pojo-maven-plugin", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Fix deferred", "package_name": "jsonschema2pojo-scalagen", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "fix_state": "Fix deferred", "package_name": "jsonschema2pojo-core", "product_name": "Red Hat JBoss Enterprise Application Platform 8"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "fix_state": "Fix deferred", "package_name": "jsonschema2pojo-gradle-plugin", "product_name": "Red Hat JBoss Enterprise Application Platform 8"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "fix_state": "Fix deferred", "package_name": "jsonschema2pojo-maven-plugin", "product_name": "Red Hat JBoss Enterprise Application Platform 8"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "fix_state": "Fix deferred", "package_name": "kubernetes-model-jsonschema2pojo", "product_name": "Red Hat JBoss Enterprise Application Platform 8"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Fix deferred", "package_name": "jsonschema2pojo-core", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Fix deferred", "package_name": "jsonschema2pojo-gradle-plugin", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Fix deferred", "package_name": "jsonschema2pojo-maven-plugin", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Fix deferred", "package_name": "kubernetes-model-jsonschema2pojo", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}, {"cpe": "cpe:/a:redhat:amq_streams:1", "fix_state": "Fix deferred", "package_name": "jsonschema2pojo-core", "product_name": "streams for Apache Kafka"}, {"cpe": "cpe:/a:redhat:amq_streams:1", "fix_state": "Fix deferred", "package_name": "jsonschema2pojo-maven-plugin", "product_name": "streams for Apache Kafka"}, {"cpe": "cpe:/a:redhat:amq_streams:1", "fix_state": "Fix deferred", "package_name": "kubernetes-model-jsonschema2pojo", "product_name": "streams for Apache Kafka"}], "public_date": "2025-04-14T20:31:04Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-3588\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-3588\nhttps://github.com/joelittlejohn/jsonschema2pojo/issues/1672\nhttps://github.com/joelittlejohn/jsonschema2pojo/issues/1672#issue-2968446816\nhttps://vuldb.com/?ctiid.304643\nhttps://vuldb.com/?id.304643\nhttps://vuldb.com/?submit.550136"], "threat_severity": "Moderate"}