Veracode Vulnerability Database: VERACODE:40903
History: Jun 15, 2023 - 8:22 a.m.

Denial Of Service (DOS)

2023-06-15 08:22:35
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
net.sf.sojo.sojo library
denial of service attack
user supplied json
user supplied csv
stack overflow error
out of memory-heap error

CVSS3: 7.5 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS: 0.001 Low
Percentile: 31.4%

The net.sf.sojo.sojo library is vulnerable to a Denial of Service (DoS) attack. The library does not restrict user-supplied JSON and CSV input to a maximum length, so parsing such input causes a Stack Overflow Error or an Out Of Memory (heap) error, leading to a Denial of Service (DoS).

CPE

Name    Operator    Version
sojo    le          1.1.1
sojo    le          1.1.1
