PT-2023-27449 · Eclipse · Eclipse Parsson
Marta Rybczynska
Published: 2023-11-03 · Updated: 2023-11-13
CVE-2023-4043
CVSS v3.1: 5.9 (Medium)
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Eclipse Parsson versions prior to 1.1.4
Eclipse Parsson versions prior to 1.0.5
Description
Parsing JSON from untrusted sources can be exploited because of edge cases in Java's built-in support for parsing numbers with large scales: such numbers result in unexpectedly large processing times.
Recommendations
For Eclipse Parsson versions prior to 1.1.4, update to version 1.1.4 or later to mitigate the risk.
For Eclipse Parsson versions prior to 1.0.5, update to version 1.0.5 or later to mitigate the risk.
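Where application code converts numbers taken from untrusted JSON itself, a bound on the scale can be checked before the expensive conversion. The following is an added example, not code from Eclipse Parsson or from this advisory; the class name `ScaleGuard`, the helper `toBigIntegerChecked` and the limit `MAX_ABS_SCALE` are assumptions chosen for illustration, and it uses `BigDecimal.toBigInteger()` as one operation whose cost grows with the scale.

```java
import java.math.BigDecimal;
import java.math.BigInteger;

public class ScaleGuard {
    // Assumed limit for this example; set it to the largest exponent your data legitimately needs.
    static final int MAX_ABS_SCALE = 1_000;

    /**
     * Converts a JSON number token to BigInteger only if its scale is within bounds.
     * new BigDecimal(String) keeps the exponent as an int scale without expanding it;
     * toBigInteger() is what materialises every digit, so the check must come first.
     */
    static BigInteger toBigIntegerChecked(String jsonNumber) {
        BigDecimal value = new BigDecimal(jsonNumber);
        long absScale = Math.abs((long) value.scale()); // long avoids overflow at Integer.MIN_VALUE
        if (absScale > MAX_ABS_SCALE) {
            throw new ArithmeticException(
                "number scale " + value.scale() + " exceeds limit " + MAX_ABS_SCALE);
        }
        return value.toBigInteger();
    }

    public static void main(String[] args) {
        // Constructed sample tokens: three ordinary values and one whose exponent is over the limit.
        String[] samples = {"42", "1.5e3", "12345.678", "1e5000"};
        for (String s : samples) {
            try {
                System.out.println(s + " -> " + toBigIntegerChecked(s));
            } catch (ArithmeticException e) {
                System.out.println(s + " rejected: " + e.getMessage());
            }
        }
    }
}
```

A check like this complements the upgrade recommended above and does not replace it.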
Affected products
Eclipse Parsson