CVE-2021-31684

A vulnerability was discovered in the indexOf function of JSONParserByteArray in JSON Smart versions 1.3 and 2.4 which causes a denial of service (DOS) via a crafted web request.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:json-smart_project:json-smart-v1:*:*:*:*:*:*:*:*
cpe:2.3:a:json-smart_project:json-smart-v2:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:*

History

21 Nov 2024, 06:06

Type Values Removed Values Added
References () https://github.com/netplex/json-smart-v1/issues/10 - Issue Tracking, Third Party Advisory () https://github.com/netplex/json-smart-v1/issues/10 - Issue Tracking, Third Party Advisory
References () https://github.com/netplex/json-smart-v1/pull/11 - Patch, Third Party Advisory () https://github.com/netplex/json-smart-v1/pull/11 - Patch, Third Party Advisory
References () https://github.com/netplex/json-smart-v2/issues/67 - Exploit, Issue Tracking, Third Party Advisory () https://github.com/netplex/json-smart-v2/issues/67 - Exploit, Issue Tracking, Third Party Advisory
References () https://github.com/netplex/json-smart-v2/pull/68 - Patch, Third Party Advisory () https://github.com/netplex/json-smart-v2/pull/68 - Patch, Third Party Advisory
References () https://lists.debian.org/debian-lts-announce/2023/03/msg00030.html - () https://lists.debian.org/debian-lts-announce/2023/03/msg00030.html -
References () https://security.netapp.com/advisory/ntap-20240621-0006/ - () https://security.netapp.com/advisory/ntap-20240621-0006/ -
References () https://www.oracle.com/security-alerts/cpujan2022.html - Patch, Third Party Advisory () https://www.oracle.com/security-alerts/cpujan2022.html - Patch, Third Party Advisory
References () https://www.oracle.com/security-alerts/cpujul2022.html - () https://www.oracle.com/security-alerts/cpujul2022.html -

21 Jun 2024, 19:15

Type Values Removed Values Added
References
  • () https://security.netapp.com/advisory/ntap-20240621-0006/ -

Information

Published : 2021-06-01 20:15

Updated : 2024-11-21 06:06


NVD link : CVE-2021-31684

Mitre link : CVE-2021-31684

CVE.ORG link : CVE-2021-31684


JSON object : View

Products Affected

oracle

  • utilities_framework

json-smart_project

  • json-smart-v1
  • json-smart-v2
CWE
CWE-787

Out-of-bounds Write