CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
27.6%
Denial of Service in JSON-Java versions up to and including 20230618. A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | jenkins-json | <= 2.4-jenkins-3-7 | jenkins-json_2.4-jenkins-3-7_all.deb |
Debian | 11 | all | jenkins-json | <= 2.4-jenkins-3-6 | jenkins-json_2.4-jenkins-3-6_all.deb |
Debian | 999 | all | jenkins-json | <= 2.4-jenkins-3-7 | jenkins-json_2.4-jenkins-3-7_all.deb |
Debian | 13 | all | jenkins-json | <= 2.4-jenkins-3-7 | jenkins-json_2.4-jenkins-3-7_all.deb |
Debian | 12 | all | libjettison-java | <= 1.5.3-1 | libjettison-java_1.5.3-1_all.deb |
Debian | 11 | all | libjettison-java | <= 1.5.3-1~deb11u1 | libjettison-java_1.5.3-1~deb11u1_all.deb |
Debian | 999 | all | libjettison-java | <= 1.5.4-1 | libjettison-java_1.5.4-1_all.deb |
Debian | 13 | all | libjettison-java | <= 1.5.4-1 | libjettison-java_1.5.4-1_all.deb |
Debian | 12 | all | libjson-java | <= 2.4-3.1 | libjson-java_2.4-3.1_all.deb |
Debian | 11 | all | libjson-java | <= 2.4-3.1 | libjson-java_2.4-3.1_all.deb |
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
27.6%