CVE-2023-33546

Опубликовано: 01 июн. 2023

Источник: redhat

CVSS3: 6.2

Описание

Janino 3.1.9 and earlier are subject to denial of service (DOS) attacks when using the expression evaluator.guess parameter name method. If the parser runs on user-supplied input, an attacker could supply content that causes the parser to crash due to a stack overflow. NOTE: this is disputed by multiple parties because Janino is not intended for use with untrusted input.

A denial of service vulnerability was found in the janino compiler. If the parser runs on user-supplied input, an attacker could supply content that causes the parser to crash due to a stack overflow.

Затронутые пакеты

Платформа	Пакет	Состояние
A-MQ Clients 2	janino	Not affected
Migration Toolkit for Applications 6	org.ow2.asm	Not affected
Migration Toolkit for Runtimes	org.ow2.asm	Not affected
Red Hat build of Apache Camel for Spring Boot 3	janino	Not affected
Red Hat build of OptaPlanner 8	optaplanner-maven-repository	Fix deferred
Red Hat Data Grid 8	janino	Not affected
Red Hat Fuse 7	janino	Out of support scope
Red Hat Integration Camel K 1	janino	Not affected
Red Hat Integration Camel Quarkus 2	janino	Not affected
Red Hat JBoss Data Grid 7	janino	Out of support scope

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

https://bugzilla.redhat.com/show_bug.cgi?id=2213863janino: DoS in expression evaluator.guess parameter name method

6.2 Medium

CVSS3

Связанные уязвимости

CVE-2023-33546

CVSS3: 5.5

ubuntu

больше 2 лет назад

CVE-2023-33546

CVSS3: 5.5

nvd

больше 2 лет назад

CVE-2023-33546

CVSS3: 5.5

debian

больше 2 лет назад

Janino 3.1.9 and earlier are subject to denial of service (DOS) attack ...

SUSE-SU-2023:3385-1

suse-cvrf

больше 2 лет назад

Security update for janino

GHSA-gcg6-xv4f-f749

CVSS3: 5.5

github

больше 2 лет назад

janino vulnerable to denial of service due to stack overflow

6.2 Medium

CVSS3