CVE-2022-23460 — MEDIUM (5.9)

Vulnerability Description

Jsonxx or Json++ is a JSON parser, writer and reader written in C++. In affected versions of jsonxx json parsing may lead to stack exhaustion in an address sanitized (ASAN) build. This issue may lead to Denial of Service if the program using the jsonxx library crashes. This issue exists on the current commit of the jsonxx project and the project itself has been archived. Updates are not expected. Users are advised to find a replacement.

CVSS Score

5.9

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Hjiang	Json\+\+	1.0.0

Related Weaknesses (CWE)

CWE-674 CWE-121

References

https://securitylab.github.com/advisories/GHSL-2022-049_JsonxxBroken Link
https://securitylab.github.com/advisories/GHSL-2022-049_JsonxxBroken Link

FAQ

What is CVE-2022-23460?

CVE-2022-23460 is a vulnerability with a CVSS score of 5.9 (MEDIUM). Jsonxx or Json++ is a JSON parser, writer and reader written in C++. In affected versions of jsonxx json parsing may lead to stack exhaustion in an address sanitized (ASAN) build. This issue may lead ...

How severe is CVE-2022-23460?

CVE-2022-23460 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-23460?

Check the references section above for vendor advisories and patch information. Affected products include: Hjiang Json\+\+.