Lucene search
RedhatCVE-2022-3433HistoryOct 10, 2022 - 10:15 p.m.
CVE-2022-3433
2022-10-1022:15:10
CWE-326
CWE-328
redhat
web.nvd.nist.gov
26
2
cve-2022-3433
aeson library
json input
denial of service
vulnerability
nvd
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS
0.001
Percentile
49.7%
The aeson library is not safe to use to consume untrusted JSON input. A remote user could abuse this flaw to produce a hash collision in the underlying unordered-containers library by sending specially crafted JSON data, resulting in a denial of service.
Affected configurations
Node
haskellaesonRange<2.0.1.0
CNA Affected
[
{
"vendor": "n/a",
"product": "aeson",
"versions": [
{
"version": "Fixed in 2.0.1.0",
"status": "affected"
}
]
}
]Social References
More
Related
osv
osv
Hash flooding vulnerability in aeson
2023-06-13 09:03:52
CVE-2022-3433
2022-10-10 22:15:10
ubuntucve
ubuntucve
CVE-2022-3433
2022-10-10 00:00:00
prion
prion
Design/Logic Flaw
2022-10-10 22:15:00
debiancve
debiancve
CVE-2022-3433
2022-10-10 22:15:10
redos
redos
ROS-20240815-12
2024-08-15 00:00:00
nvd
nvd
CVE-2022-3433
2022-10-10 22:15:10
cvelist
cvelist
CVE-2022-3433
2022-10-10 00:00:00
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS
0.001
Percentile
49.7%
Related for CVE-2022-3433