Products
Eclipse Parsson
- before 1.0.4
- 1.1.3
Source
emo@eclipse.org
Tags
CVE-2023-7272 details
Published : July 17, 2024, 3:15 p.m.
Last Modified : July 17, 2024, 3:15 p.m.
Last Modified : July 17, 2024, 3:15 p.m.
Description
In Eclipse Parsson before 1.0.4 and 1.1.3, a document with a large depth of nested objects can allow an attacker to cause a Java stack overflow exception and denial of service. Eclipse Parsson allows processing (e.g. parse, generate, transform and query) JSON documents.
CVSS Score
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8.6 | 9 | 10 |
---|
Weakness
Weakness | Name | Description |
---|---|---|
CWE-787 | Out-of-bounds Write | The product writes data past the end, or before the beginning, of the intended buffer. |
CVSS Data
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
Base Score
8.6
Exploitability Score
3.9
Impact Score
4.0
Base Severity
HIGH
Vector String : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
References
URL | Source |
---|---|
https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/12 | emo@eclipse.org |
This website uses the NVD API, but is not approved or certified by it.