GHSA-6g7g-w4f8-9c9x

Опубликовано: 18 мар. 2026

Источник: github

Github: Прошло ревью

CVSS3: 7.5

Описание

github.com/buger/jsonparser has a denial of service vulnerability

The Delete function fails to properly validate offsets when processing malformed JSON input. This can lead to a negative slice index and a runtime panic, allowing a denial of service attack.

Ссылки

Пакеты

Наименование

github.com/buger/jsonparser

Затронутые версииВерсия исправления

<= 1.1.1

1.1.2

EPSS

Процентиль: 6%

0.00021

Низкий

7.5 High

CVSS3

CVE ID

CVE-2026-32285

Дефекты

CWE-125

CWE-129

Связанные уязвимости

CVE-2026-32285

CVSS3: 7.5

ubuntu

около 1 месяца назад

The Delete function fails to properly validate offsets when processing malformed JSON input. This can lead to a negative slice index and a runtime panic, allowing a denial of service attack.

CVE-2026-32285

CVSS3: 7.5

redhat

около 1 месяца назад

The Delete function fails to properly validate offsets when processing malformed JSON input. This can lead to a negative slice index and a runtime panic, allowing a denial of service attack.

CVE-2026-32285

CVSS3: 7.5

nvd

около 1 месяца назад

The Delete function fails to properly validate offsets when processing malformed JSON input. This can lead to a negative slice index and a runtime panic, allowing a denial of service attack.

CVE-2026-32285

CVSS3: 7.5

debian

около 1 месяца назад

The Delete function fails to properly validate offsets when processing ...

BDU:2026-04782

CVSS3: 7.5

fstec

около 2 месяцев назад

Уязвимость функции Delete() языка программирования Go, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 6%

0.00021

Низкий

7.5 High

CVSS3

CVE ID

CVE-2026-32285

Дефекты

CWE-125

CWE-129