Lucene search
GoogleOSV:CVE-2022-3433HistoryOct 10, 2022 - 10:15 p.m.
CVE-2022-3433
2022-10-1022:15:10
Google
osv.dev
5
aeson
library
json
input
remote user
hash collision
denial of service
vulnerability
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS
0.001
Percentile
49.7%
The aeson library is not safe to use to consume untrusted JSON input. A remote user could abuse this flaw to produce a hash collision in the underlying unordered-containers library by sending specially crafted JSON data, resulting in a denial of service.
Related
osv
osv
Hash flooding vulnerability in aeson
2023-06-13 09:03:52
ubuntucve
ubuntucve
CVE-2022-3433
2022-10-10 00:00:00
prion
prion
Design/Logic Flaw
2022-10-10 22:15:00
cve
cve
CVE-2022-3433
2022-10-10 22:15:10
debiancve
debiancve
CVE-2022-3433
2022-10-10 22:15:10
redos
redos
ROS-20240815-12
2024-08-15 00:00:00
nvd
nvd
CVE-2022-3433
2022-10-10 22:15:10
cvelist
cvelist
CVE-2022-3433
2022-10-10 00:00:00
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS
0.001
Percentile
49.7%
Related for OSV:CVE-2022-3433