CVE-2022-23460 - OpenCVE

Jsonxx or Json++ is a JSON parser, writer and reader written in C++. In affected versions of jsonxx json parsing may lead to stack exhaustion in an address sanitized (ASAN) build. This issue may lead to Denial of Service if the program using the jsonxx library crashes. This issue exists on the current commit of the jsonxx project and the project itself has been archived. Updates are not expected. Users are advised to find a replacement.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Json\+\+ Project	Json\+\+

Configuration 1 [-]

OR	cpe:2.3:a:json\+\+_project:json\+\+:1.0.0:::::::*
	cpe:2.3:a:json\+\+_project:json\+\+:1.0.1:::::::*

No data.

References

Link	Providers
https://securitylab.github.com/advisories/GHSL-2022-049_Jsonxx

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2022-08-19T20:10:08

Updated: 2024-08-03T03:43:45.993Z

Reserved: 2022-01-19T00:00:00

Link: CVE-2022-23460

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-08-19T20:15:08.243

Modified: 2023-07-13T17:17:43.927

Link: CVE-2022-23460

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Jsonxx", "vendor": "hjiang", "versions": [{"lessThanOrEqual": "1.0.1", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Jsonxx or Json++ is a JSON parser, writer and reader written in C++. In affected versions of jsonxx json parsing may lead to stack exhaustion in an address sanitized (ASAN) build. This issue may lead to Denial of Service if the program using the jsonxx library crashes. This issue exists on the current commit of the jsonxx project and the project itself has been archived. Updates are not expected. Users are advised to find a replacement."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-08-19T20:10:08", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://securitylab.github.com/advisories/GHSL-2022-049_Jsonxx"}], "source": {"discovery": "UNKNOWN"}, "title": "Stack overflow in Jsonxx", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-23460", "STATE": "PUBLIC", "TITLE": "Stack overflow in Jsonxx"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Jsonxx", "version": {"version_data": [{"version_affected": "<=", "version_value": "1.0.1"}]}}]}, "vendor_name": "hjiang"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Jsonxx or Json++ is a JSON parser, writer and reader written in C++. In affected versions of jsonxx json parsing may lead to stack exhaustion in an address sanitized (ASAN) build. This issue may lead to Denial of Service if the program using the jsonxx library crashes. This issue exists on the current commit of the jsonxx project and the project itself has been archived. Updates are not expected. Users are advised to find a replacement."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-121 Stack-based Buffer Overflow"}]}]}, "references": {"reference_data": [{"name": "https://securitylab.github.com/advisories/GHSL-2022-049_Jsonxx", "refsource": "MISC", "url": "https://securitylab.github.com/advisories/GHSL-2022-049_Jsonxx"}]}, "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:43:45.993Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://securitylab.github.com/advisories/GHSL-2022-049_Jsonxx"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-23460", "datePublished": "2022-08-19T20:10:08", "dateReserved": "2022-01-19T00:00:00", "dateUpdated": "2024-08-03T03:43:45.993Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:json\\+\\+_project:json\\+\\+:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "CE3FE9F1-CD11-4BA9-86D9-9F4887D8814D", "vulnerable": true}, {"criteria": "cpe:2.3:a:json\\+\\+_project:json\\+\\+:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "EA7B9E9A-8AAC-4348-A21F-CF6273294E63", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Jsonxx or Json++ is a JSON parser, writer and reader written in C++. In affected versions of jsonxx json parsing may lead to stack exhaustion in an address sanitized (ASAN) build. This issue may lead to Denial of Service if the program using the jsonxx library crashes. This issue exists on the current commit of the jsonxx project and the project itself has been archived. Updates are not expected. Users are advised to find a replacement."}, {"lang": "es", "value": "Jsonxx o Json++ es un analizador, escritor y lector de JSON escrito en C++. En versiones afectadas de jsonxx, el an\u00e1lisis sint\u00e1ctico de JSON puede conllevar a un agotamiento de la pila en una compilaci\u00f3n saneada de direcciones (ASAN). Este problema puede conllevar a una denegaci\u00f3n de servicio si el programa usando la biblioteca jsonxx es bloqueada. Este problema se presenta en el commit actual del proyecto jsonxx y el proyecto mismo ha sido archivado. No son esperadas actualizaciones. Es recomendado a usuarios buscar un sustituto."}], "id": "CVE-2022-23460", "lastModified": "2023-07-13T17:17:43.927", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2022-08-19T20:15:08.243", "references": [{"source": "security-advisories@github.com", "tags": ["Broken Link"], "url": "https://securitylab.github.com/advisories/GHSL-2022-049_Jsonxx"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-674"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-121"}], "source": "security-advisories@github.com", "type": "Secondary"}]}