Lucene search

K
cveGoogleCVE-2023-5072
HistoryOct 12, 2023 - 5:15 p.m.

CVE-2023-5072

2023-10-1217:15:10
CWE-770
Google
web.nvd.nist.gov
300
cve-2023-5072
denial of service
json-java
nvd
security advisory

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.3

Confidence

High

EPSS

0.001

Percentile

27.6%

Denial of Service in JSON-Java versions up to and including 20230618.  A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.

Affected configurations

Nvd
Node
json-java_projectjson-javaRange20230618
VendorProductVersionCPE
json-java_projectjson-java*cpe:2.3:a:json-java_project:json-java:*:*:*:*:*:*:*:*

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.3

Confidence

High

EPSS

0.001

Percentile

27.6%