CVE-2023-3894

Those using jackson-dataformats-text to parse TOML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.
Configurations

Configuration 1 (hide)

cpe:2.3:a:fasterxml:jackson-dataformats-text:*:*:*:*:*:*:*:*

History

15 Aug 2023, 19:28

Type Values Removed Values Added
References (MISC) https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50083 - (MISC) https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50083 - Issue Tracking, Patch, Third Party Advisory
References (MISC) https://github.com/FasterXML/jackson-dataformats-text/blob/2.16/release-notes/VERSION-2.x - (MISC) https://github.com/FasterXML/jackson-dataformats-text/blob/2.16/release-notes/VERSION-2.x - Release Notes
References (MISC) https://github.com/FasterXML/jackson-dataformats-text/pull/398 - (MISC) https://github.com/FasterXML/jackson-dataformats-text/pull/398 - Patch
CWE CWE-787
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
CPE cpe:2.3:a:fasterxml:jackson-dataformats-text:*:*:*:*:*:*:*:*
First Time Fasterxml jackson-dataformats-text
Fasterxml

08 Aug 2023, 18:32

Type Values Removed Values Added
New CVE

Information

Published : 2023-08-08 18:15

Updated : 2024-02-28 20:33


NVD link : CVE-2023-3894

Mitre link : CVE-2023-3894

CVE.ORG link : CVE-2023-3894


JSON object : View

Products Affected

fasterxml

  • jackson-dataformats-text
CWE
CWE-787

Out-of-bounds Write

CWE-20

Improper Input Validation