Description
JSON::XS before version 4.04 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact
A flaw was found in the JSON-XS Perl module. A buffer overflow can be triggered due to an integer overflow when a specially crafted JSON input is processed, causing a segmentation fault, crashing the application using the module and resulting in a denial of service.
Report
Only applications processing JSON input supplied by untrusted users with the JSON-XS Perl module are vulnerable to this issue, limiting the exposure and impact of this vulnerability.
Mitigation
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | perl-JSON-XS | Affected | | |
| Red Hat Enterprise Linux 8 | perl-JSON-XS | Affected | | |
| Red Hat Enterprise Linux 9 | perl-JSON-XS | Affected | | |
Additional information
Status:
7.5 High
CVSS3