PT-2023-27072 · Unknown · Hjson-Java
Lopezalvaro · Published 2023-09-01 · Updated 2023-09-06 · CVE-2023-39685
CVSS v3.1
7.5 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
hjson-java versions up to v3.0.0
Description
The issue allows attackers to cause a Denial of Service (DoS) by supplying a crafted JSON string. This can lead to a StringIndexOutOfBoundsException.
Recommendations
For hjson-java versions up to v3.0.0, consider updating to a version later than v3.0.0 to resolve the issue. As a temporary workaround, restrict the input of JSON strings to prevent crafted strings from being processed.
Out of bounds Read
Code Injection
Affected Products
Hjson-Java