CVE-2024-47072: CWE-121: Stack-based Buffer Overflow in x-stream xstream
XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream when XStream is configured to use the BinaryStreamDriver. XStream 1.4.21 has been patched to detect the manipulation in the binary input stream causing the stack overflow and raises an InputManipulationException instead. Users are advised to upgrade. Users unable to upgrade may catch the StackOverflowError in the client code calling XStream if XStream is configured to use the BinaryStreamDriver.
AI Analysis
Technical Summary
XStream is a Java library designed for serializing objects to XML and deserializing XML back into objects. The vulnerability identified as CVE-2024-47072 is a stack-based buffer overflow (CWE-121) that occurs specifically when XStream is configured to use the BinaryStreamDriver for processing binary XML input streams. An attacker can craft malicious binary input that causes the stack to overflow during deserialization, leading to an application crash and denial of service (DoS). This vulnerability does not allow code execution or data corruption but disrupts service availability. The flaw arises from insufficient input validation and improper handling of binary stream data, which leads to uncontrolled recursion or buffer writes on the stack. XStream version 1.4.21 includes a patch that detects manipulation attempts in the binary input stream and raises an InputManipulationException, preventing the stack overflow. For users unable to upgrade immediately, it is recommended to catch StackOverflowError exceptions in the client code to mitigate crashes. The vulnerability has a CVSS v3.1 score of 7.5, reflecting its high impact on availability with no required privileges or user interaction and remote network attack vector. No public exploits have been reported yet, but the ease of triggering a DoS through crafted input makes it a significant threat for applications relying on vulnerable XStream versions.
Potential Impact
The primary impact of CVE-2024-47072 is denial of service through application crashes caused by stack overflow during deserialization of manipulated binary XML streams. For European organizations, especially those using Java-based applications that incorporate XStream for XML processing, this can lead to service interruptions, degraded user experience, and potential operational downtime. Critical systems that rely on continuous availability, such as financial services, healthcare, and government platforms, may face disruptions if exposed to malicious input streams. Although the vulnerability does not compromise data confidentiality or integrity, the loss of availability can indirectly affect business continuity and trust. Additionally, organizations with automated systems processing untrusted or external XML data streams are at higher risk. The absence of known exploits currently reduces immediate threat but does not eliminate the risk of future exploitation. Failure to patch or mitigate could result in targeted DoS attacks, especially in sectors with high reliance on Java serialization frameworks.
Mitigation Recommendations
1. Upgrade all instances of XStream to version 1.4.21 or later, which includes the fix to detect and prevent stack overflow caused by manipulated binary input streams.
2. For environments where immediate upgrade is not possible, implement robust exception handling to catch StackOverflowError in the client code that invokes XStream with BinaryStreamDriver configuration, preventing application crashes.
3. Restrict or validate all incoming binary XML streams rigorously to ensure they originate from trusted sources and conform to expected schemas, reducing the risk of malicious input.
4. Employ runtime application self-protection (RASP) or similar monitoring tools to detect abnormal deserialization behavior or repeated crashes indicative of exploitation attempts.
5. Conduct code reviews and penetration testing focused on deserialization components to identify and remediate similar vulnerabilities.
6. Maintain an up-to-date inventory of software dependencies and monitor for security advisories related to serialization libraries.
7. Implement network-level protections such as Web Application Firewalls (WAFs) with custom rules to detect and block suspicious binary XML payloads targeting deserialization endpoints.
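The two code-level mitigations above (the 1.4.21 InputManipulationException and the pre-upgrade StackOverflowError catch) as an added Java example; this is not code from XStream or from the advisory. The wrapper class name and the allow-listed types are hypothetical, and the application is assumed to read untrusted binary streams through BinaryStreamDriver.

```java
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.io.binary.BinaryStreamDriver;
import com.thoughtworks.xstream.security.InputManipulationException;

import java.io.InputStream;

/** Hypothetical wrapper: deserializes XStream binary streams without letting crafted input crash the caller. */
public final class SafeBinaryUnmarshal {

    private final XStream xstream;

    public SafeBinaryUnmarshal(Class<?>... allowedTypes) {
        // The vulnerable configuration from the advisory: binary input via BinaryStreamDriver.
        xstream = new XStream(new BinaryStreamDriver());
        // Allow-list only the types this endpoint expects; XStream's security framework rejects the rest.
        xstream.allowTypes(allowedTypes);
    }

    /** Returns the deserialized object, or null when the stream is rejected as manipulated. */
    public Object unmarshal(InputStream in) {
        try {
            return xstream.fromXML(in);
        } catch (InputManipulationException e) {
            // XStream 1.4.21 and later: the driver detects the manipulated binary stream
            // before the recursion exhausts the stack and raises this exception instead.
            System.err.println("Rejected manipulated binary stream: " + e.getMessage());
            return null;
        } catch (StackOverflowError e) {
            // Fallback for versions before 1.4.21, as the advisory recommends: catching the
            // error keeps the thread alive; by the time this handler runs the stack has unwound.
            System.err.println("Binary stream caused StackOverflowError; treating input as hostile");
            return null;
        }
    }
}
```

Either branch should be logged and counted, since repeated hits on one endpoint are the "abnormal deserialization behavior" that recommendation 4 asks monitoring to surface.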
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2024-09-17T17:42:37.029Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 69092b7735043901e828cb4f
Added to database: 11/3/2025, 10:23:51 PM
Last enriched: 11/3/2025, 10:47:17 PM
Last updated: 11/4/2025, 5:14:15 PM