VDB

CVE-2018-1000873

CVE-2018-1000873 PUBLISHED

Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in Causes a denial-of-service (DoS). This attack appear to be exploitable via The victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. This vulnerability appears to have been fixed in 2.9.8.

EPSS 2.19% · 84.7th percentile

Risk Scores

EPSS Score
2.19%
84.7th percentile

Affected Products

VendorProductVersions
Ubuntu:Pro:16.04:LTSjackson-databind2.4.2-2, 2.4.2-3ubuntu0.1~esm1, 2.4.2-3ubuntu0.1~esm2
Ubuntu:24.04:LTSjackson-databind0, 2.14.0-1
Ubuntu:Pro:14.04:LTSjackson-databind0, 2.2.2-1, 2.2.2-1ubuntu0.1~esm1
Ubuntu:22.04:LTSjackson-databind2.12.1-1, 2.13.0-1, 2.13.0-2
Ubuntu:18.04:LTSjackson-databind*, 2.8.6-1, 2.9.1-1
Ubuntu:25.10jackson-databind2.14.0+ds-1, 0
Ubuntu:20.04:LTSjackson-databind2.10.2-1, 2.10.1-1, 2.10.0-2

Timeline

  • Dec 20, 2018 CVE Published
  • Apr 16, 2019 CVE Updated
  • Apr 14, 2021 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Mar 17, 2025 EPSS Score
  • Mar 29, 2025 EPSS Score
  • Mar 30, 2025 EPSS Score
  • May 1, 2025 EPSS Score
  • May 4, 2025 EPSS Score
  • Jun 1, 2025 EPSS Score
  • Jun 4, 2025 EPSS Score
  • Jul 1, 2025 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›