CVE-2022-23460

2022-08-1920:15:08

CWE-674

CWE-121

[email protected]

web.nvd.nist.gov

jsonxx

json parser

stack exhaustion

dos

cve-2022-23460

c++

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

35.6%

JSON

Jsonxx or Json++ is a JSON parser, writer and reader written in C++. In affected versions of jsonxx json parsing may lead to stack exhaustion in an address sanitized (ASAN) build. This issue may lead to Denial of Service if the program using the jsonxx library crashes. This issue exists on the current commit of the jsonxx project and the project itself has been archived. Updates are not expected. Users are advised to find a replacement.

Affected configurations

Vulners

NVD

Node

hjiangjsonxxRange≤1.0.1

CPENameOperatorVersion
json\+\+_project:json\+\+json++ project json++eq1.0.0
json\+\+_project:json\+\+json++ project json++eq1.0.1

CPE	Name	Operator	Version
json\+\+_project:json\+\+	json++ project json++	eq	1.0.0
json\+\+_project:json\+\+	json++ project json++	eq	1.0.1

CNA Affected

[
  {
    "product": "Jsonxx",
    "vendor": "hjiang",
    "versions": [
      {
        "lessThanOrEqual": "1.0.1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]