CVE-2022-23459 — HIGH (8.1)

Vulnerability Description

Jsonxx or Json++ is a JSON parser, writer and reader written in C++. In affected versions of jsonxx use of the Value class may lead to memory corruption via a double free or via a use after free. The value class has a default assignment operator which may be used with pointer types which may point to alterable data where the pointer itself is not updated. This issue exists on the current commit of the jsonxx project. The project itself has been archived and updates are not expected. Users are advised to find a replacement.

CVSS Score

8.1

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Hjiang	Json\+\+	1.0.0

Related Weaknesses (CWE)

CWE-416 CWE-415

References

https://securitylab.github.com/advisories/GHSL-2022-048_JsonxxBroken Link
https://securitylab.github.com/advisories/GHSL-2022-048_JsonxxBroken Link

FAQ

What is CVE-2022-23459?

CVE-2022-23459 is a vulnerability with a CVSS score of 8.1 (HIGH). Jsonxx or Json++ is a JSON parser, writer and reader written in C++. In affected versions of jsonxx use of the Value class may lead to memory corruption via a double free or via a use after free. The ...

How severe is CVE-2022-23459?

CVE-2022-23459 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-23459?

Check the references section above for vendor advisories and patch information. Affected products include: Hjiang Json\+\+.