CVE-2022-23460

{"id": "CVE-2022-23460", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2022-08-19T20:15:08.243", "references": [{"url": "https://securitylab.github.com/advisories/GHSL-2022-049_Jsonxx", "tags": ["Broken Link"], "source": "security-advisories@github.com"}, {"url": "https://securitylab.github.com/advisories/GHSL-2022-049_Jsonxx", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-121"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-674"}]}], "descriptions": [{"lang": "en", "value": "Jsonxx or Json++ is a JSON parser, writer and reader written in C++. In affected versions of jsonxx json parsing may lead to stack exhaustion in an address sanitized (ASAN) build. This issue may lead to Denial of Service if the program using the jsonxx library crashes. This issue exists on the current commit of the jsonxx project and the project itself has been archived. Updates are not expected. Users are advised to find a replacement."}, {"lang": "es", "value": "Jsonxx o Json++ es un analizador, escritor y lector de JSON escrito en C++. En versiones afectadas de jsonxx, el an\u00e1lisis sint\u00e1ctico de JSON puede conllevar a un agotamiento de la pila en una compilaci\u00f3n saneada de direcciones (ASAN). Este problema puede conllevar a una denegaci\u00f3n de servicio si el programa usando la biblioteca jsonxx es bloqueada. Este problema se presenta en el commit actual del proyecto jsonxx y el proyecto mismo ha sido archivado. No son esperadas actualizaciones. Es recomendado a usuarios buscar un sustituto."}], "lastModified": "2024-11-21T06:48:36.243", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:json\\+\\+_project:json\\+\\+:1.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE3FE9F1-CD11-4BA9-86D9-9F4887D8814D"}, {"criteria": "cpe:2.3:a:json\\+\\+_project:json\\+\\+:1.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA7B9E9A-8AAC-4348-A21F-CF6273294E63"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}