CVE-2023-3894

Опубликовано: 08 авг. 2023

Источник: nvd

CVSS3: 5.8

CVSS3: 7.5

EPSS Низкий

Описание

Those using jackson-dataformats-text to parse TOML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.

Ссылки

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50083
Issue Tracking
Patch
Third Party Advisory
https://github.com/FasterXML/jackson-dataformats-text/blob/2.16/release-notes/VERSION-2.x
Release Notes
https://github.com/FasterXML/jackson-dataformats-text/pull/398
Patch
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50083
Issue Tracking
Patch
Third Party Advisory
https://github.com/FasterXML/jackson-dataformats-text/blob/2.16/release-notes/VERSION-2.x
Release Notes
https://github.com/FasterXML/jackson-dataformats-text/pull/398
Patch

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:fasterxml:jackson-dataformats-text:*:*:*:*:*:*:*:*

Версия до 2.15.0 (исключая)

EPSS

Процентиль: 15%

0.0005

Низкий

5.8 Medium

CVSS3

7.5 High

CVSS3

Дефекты

CWE-20

CWE-787

Связанные уязвимости

GHSA-rg2c-cfxv-qp6f

CVSS3: 8.6

github

больше 2 лет назад

Denial of service in jackson-dataformat-toml

EPSS

Процентиль: 15%

0.0005

Низкий

5.8 Medium

CVSS3

7.5 High

CVSS3

Дефекты

CWE-20

CWE-787