CVE-2024-47072
📋 TL;DR
This CVE describes a denial-of-service vulnerability in XStream when configured with BinaryStreamDriver. Attackers can send specially crafted binary input to trigger a stack overflow, crashing the application. Only systems using XStream with BinaryStreamDriver are affected.
💻 Affected Systems
- XStream
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Remote unauthenticated attacker causes application crash and denial of service, potentially disrupting critical business functions.
Likely Case
Application crashes with StackOverflowError, requiring restart and causing temporary service disruption.
If Mitigated
Application continues running normally with proper patching or workarounds in place.
🎯 Exploit Status
Exploit requires sending specially crafted binary input to vulnerable endpoint.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.4.21
Vendor Advisory: https://x-stream.github.io/CVE-2024-47072.html
Restart Required: Yes
Instructions:
1. Update the XStream dependency to version 1.4.21 or later.
2. Rebuild and redeploy the application.
3. Restart affected services.
🔧 Temporary Workarounds
Catch StackOverflowError
Wrap XStream calls in try-catch blocks to handle StackOverflowError when using BinaryStreamDriver:
try {
    xstream.fromXML(input);
} catch (StackOverflowError e) {
    // Handle the error: reject the input and log the event
}
Switch to XML driver
Configure XStream to use an XML driver instead of BinaryStreamDriver:
XStream xstream = new XStream(new DomDriver());
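The two workarounds above combined into one deserialization helper, as an added example that is not part of this advisory or of XStream itself; the class name SafeXStream, the fromBytes method and the MAX_INPUT_BYTES limit are assumptions, the XStream calls (DomDriver, allowTypes, fromXML) and the InputManipulationException raised by the fixed version are real API.

```java
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.io.xml.DomDriver;
import com.thoughtworks.xstream.security.InputManipulationException;

import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;

/**
 * Hypothetical wrapper applying both workarounds from the advisory: parse with
 * an XML driver instead of BinaryStreamDriver, and contain a StackOverflowError
 * so one malicious payload cannot take the serving thread down.
 */
public final class SafeXStream {

    // Constructed limit (assumption): refuse oversized payloads before parsing.
    private static final int MAX_INPUT_BYTES = 1 << 20;

    private final XStream xstream;

    public SafeXStream(Class<?>... allowedTypes) {
        // Workaround 2: XML driver instead of BinaryStreamDriver.
        this.xstream = new XStream(new DomDriver());
        // Least privilege: only explicitly allowed types may be instantiated.
        this.xstream.allowTypes(allowedTypes);
    }

    /** Deserializes untrusted bytes; any rejected input becomes IllegalArgumentException. */
    public Object fromBytes(byte[] input) {
        if (input == null || input.length > MAX_INPUT_BYTES) {
            throw new IllegalArgumentException("payload missing or larger than " + MAX_INPUT_BYTES + " bytes");
        }
        try {
            return xstream.fromXML(new ByteArrayInputStream(input));
        } catch (StackOverflowError e) {
            // Workaround 1: nesting exhausted the stack; reject the input and let the
            // caller log it (this is the "StackOverflowError" log indicator to monitor).
            throw new IllegalArgumentException("rejected: nesting depth exhausted the stack", e);
        } catch (InputManipulationException e) {
            // Raised by the fixed XStream (1.4.21 or later) when it detects manipulated input.
            throw new IllegalArgumentException("rejected: manipulated input", e);
        }
    }

    public static void main(String[] args) {
        SafeXStream safe = new SafeXStream(String.class);
        // Constructed benign sample in the XML form the DomDriver expects.
        byte[] sample = "<string>hello</string>".getBytes(StandardCharsets.UTF_8);
        System.out.println(safe.fromBytes(sample));
    }
}
```

Catching StackOverflowError only contains the failure; the crafted input is still rejected rather than parsed, so the patched version remains the actual fix.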
🧯 If You Can't Patch
- Implement input validation and sanitization for binary data
- Use network segmentation and firewalls to restrict access to vulnerable endpoints
🔍 How to Verify
Check if Vulnerable:
Check whether the application uses an XStream version earlier than 1.4.21 together with a BinaryStreamDriver configuration
Check Version:
Check build configuration files (pom.xml, build.gradle) for XStream dependency version
Verify Fix Applied:
Verify XStream version is 1.4.21 or later in dependencies
📡 Detection & Monitoring
Log Indicators:
- StackOverflowError in application logs
- Application crash/restart events
- InputManipulationException (after patch)
Network Indicators:
- Unusual binary payloads sent to endpoints that deserialize with XStream
- Increased error responses from application
SIEM Query:
source="app_logs" AND ("StackOverflowError" OR "InputManipulationException")