7.5
CVE-2026-32285
- EPSS 0.75%
- Veröffentlicht 26.03.2026 19:40:51
- Zuletzt bearbeitet 09.07.2026 13:16:57
- CVE-Watchlists
- Unerledigt
Denial of service in github.com/buger/jsonparser
The Delete function fails to properly validate offsets when processing malformed JSON input. This can lead to a negative slice index and a runtime panic, allowing a denial of service attack.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Jsonparser Project ≫ Jsonparser Version < 1.1.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.75% | 0.503 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-1285 Improper Validation of Specified Index, Position, or Offset in Input
The product receives input that is expected to specify an index, position, or offset into an indexable resource such as a buffer or file, but it does not validate or incorrectly validates that the specified index/position/offset has the required properties.
CWE-129 Improper Validation of Array Index
The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.
https://github.com/buger/jsonparser/issues/275
https://github.com/golang/vulndb/issues/4514
https://securityinfinity.com/research/buger-jsonparser-negative-slice-panic-dos-2026
https://bugzilla.redhat.com/show_bug.cgi?id=2451846
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-32285.json
https://access.redhat.com/errata/RHSA-2026:13548
https://access.redhat.com/errata/RHSA-2026:21769
https://access.redhat.com/errata/RHSA-2026:22347
https://access.redhat.com/errata/RHSA-2026:22423
https://access.redhat.com/errata/RHSA-2026:23345
https://access.redhat.com/errata/RHSA-2026:9385
https://access.redhat.com/errata/RHSA-2026:34364
https://access.redhat.com/errata/RHSA-2026:17123
https://access.redhat.com/errata/RHSA-2026:19099
https://access.redhat.com/errata/RHSA-2026:17121
https://access.redhat.com/errata/RHSA-2026:36882
https://pkg.go.dev/vuln/GO-2026-4514
https://access.redhat.com/errata/RHSA-2026:35111
https://access.redhat.com/errata/RHSA-2026:7191
https://access.redhat.com/security/cve/CVE-2026-32285