CVE-2026-32285

Exploit

EPSS 0.03%
Veröffentlicht 26.03.2026 19:40:51
Zuletzt bearbeitet 21.04.2026 15:42:07
Quelle security@golang.org
CVE-Watchlists
Login
Unerledigt
Login

Denial of service in github.com/buger/jsonparser

The Delete function fails to properly validate offsets when processing malformed JSON input. This can lead to a negative slice index and a runtime panic, allowing a denial of service attack.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Jsonparser Project ≫ Jsonparser Version < 1.1.2

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.082

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-129 Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

https://github.com/buger/jsonparser/issues/275

Third Party Advisory

Issue Tracking

https://github.com/golang/vulndb/issues/4514

Third Party Advisory

Issue Tracking

https://pkg.go.dev/vuln/GO-2026-4514

Third Party Advisory

https://securityinfinity.com/research/buger-jsonparser-negative-slice-panic-dos-2026

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2026-32285