Lucene search

Veracode Vulnerability DatabaseVERACODE:40890

HistoryJun 14, 2023 - 3:57 a.m.

Denial Of Service (DoS)

2023-06-1403:57:23

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

denial of service

vulnerability

user input

stack overflow

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

0.0004 Low

EPSS

Percentile

12.8%

JSON

org.codehaus.janino:janino is vulnerable to Denial of Service (DoS) attacks. The vulnerability is due to the guessParameterNames method caused to an uncaught stack overflow exception, which can be triggered by user input with deeply nested structures causing the application to crash.

CPENameOperatorVersion
janinole3.1.9
janinole3.1.9

CPE	Name	Operator	Version
	janino	le	3.1.9
	janino	le	3.1.9

References

bugzilla.redhat.com/show_bug.cgi?id=2213863

github.com/advisories/GHSA-gcg6-xv4f-f749

github.com/janino-compiler/janino/issues/201

janino-compiler.github.io/janino/#security

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

0.0004 Low

EPSS

Percentile

12.8%

JSON

Related for VERACODE:40890