CVE-2022-23460

Jsonxx or Json++ is a JSON parser, writer and reader written in C++. In affected versions of jsonxx json parsing may lead to stack exhaustion in an address sanitized (ASAN) build. This issue may lead to Denial of Service if the program using the jsonxx library crashes. This issue exists on the current commit of the jsonxx project and the project itself has been archived. Updates are not expected. Users are advised to find a replacement.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://securitylab.github.com/advisories/GHSL-2022-049_Jsonxx	Broken Link

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:json\+\+_project:json\+\+:1.0.0:::::::*
	cpe:2.3:a:json\+\+_project:json\+\+:1.0.1:::::::*

History

13 Jul 2023, 17:17

Type	Values Removed	Values Added
CWE	~~CWE-121~~	CWE-674

Information

Published : 2022-08-19 20:15

Updated : 2024-02-28 19:29

NVD link : CVE-2022-23460

Mitre link : CVE-2022-23460

CVE.ORG link : CVE-2022-23460

JSON object : View

Products Affected

json\+\+_project

json\+\+

CWE

CWE-674

Uncontrolled Recursion

CWE-121

Stack-based Buffer Overflow

{"id": "CVE-2022-23460", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2022-08-19T20:15:08.243", "references": [{"url": "https://securitylab.github.com/advisories/GHSL-2022-049_Jsonxx", "tags": ["Broken Link"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-674"}]}, {"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-121"}]}], "descriptions": [{"lang": "en", "value": "Jsonxx or Json++ is a JSON parser, writer and reader written in C++. In affected versions of jsonxx json parsing may lead to stack exhaustion in an address sanitized (ASAN) build. This issue may lead to Denial of Service if the program using the jsonxx library crashes. This issue exists on the current commit of the jsonxx project and the project itself has been archived. Updates are not expected. Users are advised to find a replacement."}, {"lang": "es", "value": "Jsonxx o Json++ es un analizador, escritor y lector de JSON escrito en C++. En versiones afectadas de jsonxx, el an\u00e1lisis sint\u00e1ctico de JSON puede conllevar a un agotamiento de la pila en una compilaci\u00f3n saneada de direcciones (ASAN). Este problema puede conllevar a una denegaci\u00f3n de servicio si el programa usando la biblioteca jsonxx es bloqueada. Este problema se presenta en el commit actual del proyecto jsonxx y el proyecto mismo ha sido archivado. No son esperadas actualizaciones. Es recomendado a usuarios buscar un sustituto."}], "lastModified": "2023-07-13T17:17:43.927", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:json\\+\\+_project:json\\+\\+:1.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE3FE9F1-CD11-4BA9-86D9-9F4887D8814D"}, {"criteria": "cpe:2.3:a:json\\+\\+_project:json\\+\\+:1.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA7B9E9A-8AAC-4348-A21F-CF6273294E63"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}