PT-2022-8041 · Maven · Io.Spray:Spray-Json+12

Published

2022-06-28

Updated

2022-06-28

CVE-2018-18855

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions No specific software or versions are mentioned.

Description The issue concerns recursive decent parsers, which can be susceptible to StackOverflowExceptions when dealing with too deeply nested structures. This is because the current parsing state is kept on the stack.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400

Related Identifiers

CVE-2018-18855

GHSA-WW3V-6XJF-JV28

Affected Products

Io.Spray:Spray-Json

Io.Spray:Spray-Json 2.10

Io.Spray:Spray-Json 2.11

Io.Spray:Spray-Json 2.11.0-Rc4

Io.Spray:Spray-Json 2.12

Io.Spray:Spray-Json 2.12.0-M3

Io.Spray:Spray-Json 2.12.0-M5

Io.Spray:Spray-Json 2.12.0-Rc1

Io.Spray:Spray-Json 2.12.0-Rc2

Io.Spray:Spray-Json 2.13.0-M2

Io.Spray:Spray-Json 2.13.0-M4

Io.Spray:Spray-Json 2.13.0-M5

Io.Spray:Spray-Json 2.9.3

PT-2022-8041 · Maven · Io.Spray:Spray-Json+12

CVE-2018-18855

Weakness Enumeration

Related Identifiers

Affected Products

References · 4