PT-2023-24953 · Pbjson · Pbjson

Poppingsnack

Publicado

2023-06-14

Atualizado

2025-01-03

CVE-2023-34616

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions pbjson versions 0.4.0 and earlier

Description An issue allows attackers to cause a denial of service or other unspecified impacts via a crafted object that uses cyclic dependencies.

Recommendations For versions 0.4.0 and earlier, consider disabling the use of cyclic dependencies in objects until a patch is available. As a temporary workaround, restrict the processing of crafted objects to minimize the risk of exploitation. Avoid using pbjson for parsing objects with cyclic dependencies until the issue is resolved.

Exploit

Correção

Resource Exhaustion

Memory Corruption

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-400CWE-787

Identificadores relacionados

CVE-2023-34616

GHSA-P4C9-X742-QH8C

Produtos afetados

Pbjson

PT-2023-24953 · Pbjson · Pbjson

CVE-2023-34616

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7