Lucene search
GoogleOSV:GHSA-GCG6-XV4F-F749HistoryJun 01, 2023 - 3:30 p.m.
janino vulnerable to denial of service due to stack overflow
2023-06-0115:30:59
Google
osv.dev
11
janino
vulnerability
denial of service
stack overflow
3.1.9
parser
crash
user-supplied input
attacker
CVSS3
5.5
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS
0.001
Percentile
19.2%
janino 3.1.9 and earlier is subject to denial of service (DOS) attacks when using the expression evaluator.guess parameter name method. If the parser runs on user-supplied input, an attacker could supply content that causes the parser to crash due to a stack overflow.
Related
veracode
veracode
Denial Of Service (DoS)
2023-06-14 03:57:23
github
github
janino vulnerable to denial of service due to stack overflow
2023-06-01 15:30:59
nvd
nvd
CVE-2023-33546
2023-06-01 13:15:10
ubuntucve
ubuntucve
CVE-2023-33546
2023-06-01 00:00:00
redhatcve
redhatcve
CVE-2023-33546
2023-06-09 16:07:07
nessus
nessus
openSUSE 15 Security Update : janino (SUSE-SU-2023:3385-1)
2023-08-24 00:00:00
RHEL 6 : janino (Unpatched Vulnerability)
2024-06-03 00:00:00
vulnrichment
vulnrichment
CVE-2023-33546
2023-06-01 00:00:00
cvelist
cvelist
CVE-2023-33546
2023-06-01 00:00:00
debiancve
debiancve
CVE-2023-33546
2023-06-01 13:15:10
prion
prion
Stack overflow
2023-06-01 13:15:00
openvas
openvas
openSUSE: Security Advisory for janino (SUSE-SU-2023:3385-1)
2024-03-04 00:00:00
cve
cve
CVE-2023-33546
2023-06-01 13:15:10
ibm
ibm
CVSS3
5.5
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS
0.001
Percentile
19.2%
Related for OSV:GHSA-GCG6-XV4F-F749