PT-2022-7465 · Haskell+2 · Aeson+2
Published: 2022-10-10 · Updated: 2025-11-14 · CVE-2022-3433
CVSS v2.0: 8.5 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:N
Name of the Vulnerable Software and Affected Versions
aeson (affected versions not specified)
Description
The aeson library is not safe for consuming untrusted JSON input. A remote user could send specially crafted JSON data that produces hash collisions in the underlying unordered-containers library. The collisions cause excessive CPU consumption, resulting in a denial of service. This technique has been used in real-world attacks against various languages, libraries, and frameworks.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
DoS
Inadequate Encryption Strength
Related Identifiers
Affected Products
Debian
Red Os
Aeson