In NATO Communications and Information Agency anet (aka Advisor Network) through 3.3.0, an attacker can provide a crafted JSON file to sanitizeJson and cause an exception. This is related to the U+FFFD Unicode replacement character. A for loop does not consider that a data structure is being modified during loop execution.
References
Link | Resource |
---|---|
https://github.com/NCI-Agency/anet/blob/0662b99dfdec1ce07439eb7bed02d90320acc721/src/main/java/mil/dds/anet/utils/Utils.java | Product |
https://github.com/NCI-Agency/anet/issues/4408 | Exploit, Issue Tracking |
History
27 Jul 2023, 15:07
Type | Values Removed | Values Added |
---|---|---|
First Time | Ncia; Ncia advisor Network | |
CWE | CWE-476 | |
References | (MISC) https://github.com/NCI-Agency/anet/issues/4408 - Exploit, Issue Tracking | |
References | (MISC) https://github.com/NCI-Agency/anet/blob/0662b99dfdec1ce07439eb7bed02d90320acc721/src/main/java/mil/dds/anet/utils/Utils.java - Product | |
CVSS | v2 : ; v3 : | v2 : unknown; v3 : 5.5 |
CPE | cpe:2.3:a:ncia:advisor_network:*:*:*:*:*:*:*:* |
18 Jul 2023, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-07-18 15:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-31441
Mitre link : CVE-2023-31441
CVE.ORG link : CVE-2023-31441
Products Affected
ncia
- advisor_network
CWE
CWE-476
NULL Pointer Dereference