CVE-2023-34616

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions pbjson versions 0.4.0 and earlier

Description An issue allows attackers to cause a denial of service or other unspecified impacts via a crafted object that uses cyclic dependencies.

Recommendations For versions 0.4.0 and earlier, consider disabling the use of cyclic dependencies in objects until a patch is available. As a temporary workaround, restrict the processing of crafted objects to minimize the risk of exploitation. Avoid using pbjson for parsing objects with cyclic dependencies until the issue is resolved.

Exploit

Fix

Resource Exhaustion

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400CWE-787

Related Identifiers

CVE-2023-34616

GHSA-P4C9-X742-QH8C

Affected Products

Pbjson

CVE-2023-34616

Weakness Enumeration

Related Identifiers

Affected Products

References · 7