Vulnerability Details : CVE-2022-23460
Jsonxx or Json++ is a JSON parser, writer and reader written in C++. In affected versions of jsonxx json parsing may lead to stack exhaustion in an address sanitized (ASAN) build. This issue may lead to Denial of Service if the program using the jsonxx library crashes. This issue exists on the current commit of the jsonxx project and the project itself has been archived. Updates are not expected. Users are advised to find a replacement.
Vulnerability category: Denial of service
Products affected by CVE-2022-23460
- cpe:2.3:a:json\+\+_project:json\+\+:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:json\+\+_project:json\+\+:1.0.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-23460
0.11%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 30 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-23460
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
NIST | |
|
5.9
|
MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
2.2
|
3.6
|
GitHub, Inc. |
CWE ids for CVE-2022-23460
-
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).Assigned by: security-advisories@github.com (Secondary)
-
The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-23460
-
https://securitylab.github.com/advisories/GHSL-2022-049_Jsonxx
GHSL-2022-049: Stack exhaustion in jsonxx - CVE-2022-23460 | GitHub Security LabBroken Link
Jump to