Lucene search

Veracode Vulnerability DatabaseVERACODE:40991

HistoryJun 23, 2023 - 6:41 a.m.

Denial Of Service (DoS)

2023-06-2306:41:26

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

org.hjson

vulnerability

denial of service

stack overflow

deeply nested structures

application crash

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

20.7%

JSON

org.hjson, hjson is vulnerable to Denial of Service (DoS) attacks. A malicious user is able to cause a stack overflow, resulting in an application crash, because the library does not properly check crafted objects with deeply nested structures.

References

github.com/advisories/GHSA-5wfc-hjrc-gq87

github.com/hjson/hjson-java/blob/master/src/main/org/hjson/HjsonParser.java#L441-L462

github.com/hjson/hjson-java/commit/aff0b607929b4397d93dc0d029a56aeefb242602

github.com/hjson/hjson-java/issues/24

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

20.7%

JSON

Related for VERACODE:40991