Description
Denial of Service in JSON-Java versions up to and including 20230618. A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.
A flaw was found in the org.json package. A bug in the parser means that an input string may lead to unbounded memory usage, resulting in an out-of-memory error and a denial of service (DoS).
Statement
This vulnerability can cause a denial of service with a small input string, easily making the server unresponsive, hence the Important impact rating.
Mitigation
No current mitigation is available for this flaw.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| OpenShift Serverless | JSON-java | Not affected | | |
| Red Hat Ansible Automation Platform 2 | JSON-java | Not affected | | |
| Red Hat build of Apicurio Registry 2 | JSON-java | Affected | | |
| Red Hat build of Debezium 2 | JSON-java | Not affected | | |
| Red Hat Data Grid 8 | JSON-java | Not affected | | |
| Red Hat Decision Manager 7 | JSON-java | Affected | | |
| Red Hat Integration Camel Quarkus 2 | JSON-java | Affected | | |
| Red Hat JBoss Data Grid 7 | JSON-java | Will not fix | | |
| Red Hat JBoss Enterprise Application Platform 6 | json | Out of support scope | | |
| Red Hat JBoss Enterprise Application Platform 7 | json | Not affected | | |
Additional information
Status:
EPSS
CVSS3: 7.5 High