Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2022-3433HistoryOct 10, 2022 - 10:15 p.m.
CVE-2022-3433
2022-10-1022:15:10
Debian Security Bug Tracker
security-tracker.debian.org
7
aeson library
json input
denial of service
vulnerability
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS
0.001
Percentile
49.7%
The aeson library is not safe to use to consume untrusted JSON input. A remote user could abuse this flaw to produce a hash collision in the underlying unordered-containers library by sending specially crafted JSON data, resulting in a denial of service.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | haskell-aeson | < 2.0.3.0-1 | haskell-aeson_2.0.3.0-1_all.deb |
| Debian | 11 | all | haskell-aeson | <= 1.4.7.1-2 | haskell-aeson_1.4.7.1-2_all.deb |
| Debian | 999 | all | haskell-aeson | < 2.0.3.0-1 | haskell-aeson_2.0.3.0-1_all.deb |
| Debian | 13 | all | haskell-aeson | < 2.0.3.0-1 | haskell-aeson_2.0.3.0-1_all.deb |
Related
osv
osv
Hash flooding vulnerability in aeson
2023-06-13 09:03:52
CVE-2022-3433
2022-10-10 22:15:10
ubuntucve
ubuntucve
CVE-2022-3433
2022-10-10 00:00:00
prion
prion
Design/Logic Flaw
2022-10-10 22:15:00
cve
cve
CVE-2022-3433
2022-10-10 22:15:10
redos
redos
ROS-20240815-12
2024-08-15 00:00:00
nvd
nvd
CVE-2022-3433
2022-10-10 22:15:10
cvelist
cvelist
CVE-2022-3433
2022-10-10 00:00:00
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS
0.001
Percentile
49.7%
Related for DEBIANCVE:CVE-2022-3433