CVE-2022-23460

EPSS 0.43%
Veröffentlicht 19.08.2022 20:15:08
Zuletzt bearbeitet 28.10.2025 16:00:13
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Jsonxx or Json++ is a JSON parser, writer and reader written in C++. In affected versions of jsonxx json parsing may lead to stack exhaustion in an address sanitized (ASAN) build. This issue may lead to Denial of Service if the program using the jsonxx library crashes. This issue exists on the current commit of the jsonxx project and the project itself has been archived. Updates are not expected. Users are advised to find a replacement.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Hjiang ≫ Json++ Version1.0.0

Hjiang ≫ Json++ Version1.0.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.43%	0.621

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
security-advisories@github.com	5.9	2.2	3.6	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-121 Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

CWE-674 Uncontrolled Recursion

The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.

https://securitylab.github.com/advisories/GHSL-2022-049_Jsonxx

Broken Link

https://nvd.nist.gov/vuln/detail/CVE-2022-23460

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-23460

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-23460

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-23460