PT-2023-27449 · Eclipse · Eclipse Parsson
Marta Rybczynska +1 · Published 2023-11-03 · Updated 2023-11-13 · CVE-2023-4043
CVSS v3.1: 5.9 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Eclipse Parsson versions prior to 1.1.4
Eclipse Parsson versions prior to 1.0.5
Description
Parsing JSON from untrusted sources can be exploited through edge cases in Java's built-in support for parsing numbers with large scales, which result in unexpectedly large processing times.
Recommendations
For Eclipse Parsson versions prior to 1.1.4, update to version 1.1.4 or later to mitigate the risk.
For Eclipse Parsson versions prior to 1.0.5, update to version 1.0.5 or later to mitigate the risk.
Affected Products
Eclipse Parsson