7.5

CVE-2026-32285

Exploit

Denial of service in github.com/buger/jsonparser

The Delete function fails to properly validate offsets when processing malformed JSON input. This can lead to a negative slice index and a runtime panic, allowing a denial of service attack.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Jsonparser ProjectJsonparser Version < 1.1.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.75% 0.503
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0b0ca135-0b70-47e7-9f44-1890c2a1c46c 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-1285 Improper Validation of Specified Index, Position, or Offset in Input

The product receives input that is expected to specify an index, position, or offset into an indexable resource such as a buffer or file, but it does not validate or incorrectly validates that the specified index/position/offset has the required properties.

CWE-129 Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

https://github.com/buger/jsonparser/issues/275
Third Party Advisory
Issue Tracking
https://github.com/golang/vulndb/issues/4514
Third Party Advisory
Issue Tracking
https://securityinfinity.com/research/buger-jsonparser-negative-slice-panic-dos-2026
Third Party Advisory
Exploit
https://bugzilla.redhat.com/show_bug.cgi?id=2451846
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-32285.json
https://access.redhat.com/errata/RHSA-2026:13548
https://access.redhat.com/errata/RHSA-2026:21769
https://access.redhat.com/errata/RHSA-2026:22347
https://access.redhat.com/errata/RHSA-2026:22423
https://access.redhat.com/errata/RHSA-2026:23345
https://access.redhat.com/errata/RHSA-2026:9385
https://access.redhat.com/errata/RHSA-2026:34364
https://access.redhat.com/errata/RHSA-2026:17123
https://access.redhat.com/errata/RHSA-2026:19099
https://access.redhat.com/errata/RHSA-2026:17121
https://access.redhat.com/errata/RHSA-2026:36882
https://pkg.go.dev/vuln/GO-2026-4514
Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:35111
https://access.redhat.com/errata/RHSA-2026:7191
https://access.redhat.com/security/cve/CVE-2026-32285