OpenCVE

Those using jackson-dataformats-text to parse TOML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Fasterxml	Jackson-dataformats-text

Configuration 1 [-]

cpe:2.3:a:fasterxml:jackson-dataformats-text:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50083
https://github.com/FasterXML/jackson-dataformats-text/blob/2.16/release-notes/VERSION-2.x
https://github.com/FasterXML/jackson-dataformats-text/pull/398

History

Fri, 27 Sep 2024 16:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Google

Published: 2023-08-08T16:59:58.129Z

Updated: 2024-09-27T16:07:38.896Z

Reserved: 2023-07-24T21:18:16.456Z

Link: CVE-2023-3894

Vulnrichment

Updated: 2024-08-02T07:08:50.658Z

NVD

Status : Modified

Published: 2023-08-08T18:15:24.297

Modified: 2024-11-21T08:18:18.677

Link: CVE-2023-3894

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-3894", "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "state": "PUBLISHED", "assignerShortName": "Google", "dateReserved": "2023-07-24T21:18:16.456Z", "datePublished": "2023-08-08T16:59:58.129Z", "dateUpdated": "2024-09-27T16:07:38.896Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": " jackson-dataformats-text", "repo": "https://github.com/FasterXML/jackson-dataformats-text", "vendor": "FasterXML", "versions": [{"lessThan": "2.15.0", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "tool", "user": "00000000-0000-4000-9000-000000000000", "value": "OSS-Fuzz"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Those using jackson-dataformats-text to parse TOML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.</span><br>"}], "value": "Those using jackson-dataformats-text to parse TOML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.\n"}], "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100 Overflow Buffers"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google", "dateUpdated": "2023-08-08T16:59:58.129Z"}, "references": [{"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50083"}, {"url": "https://github.com/FasterXML/jackson-dataformats-text/pull/398"}, {"url": "https://github.com/FasterXML/jackson-dataformats-text/blob/2.16/release-notes/VERSION-2.x"}], "source": {"discovery": "UNKNOWN"}, "title": "DOS in jackson-dataformats-text", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:08:50.658Z"}, "title": "CVE Program Container", "references": [{"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50083", "tags": ["x_transferred"]}, {"url": "https://github.com/FasterXML/jackson-dataformats-text/pull/398", "tags": ["x_transferred"]}, {"url": "https://github.com/FasterXML/jackson-dataformats-text/blob/2.16/release-notes/VERSION-2.x", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "fasterxml", "product": "jackson-dataformats-text", "cpes": ["cpe:2.3:a:fasterxml:jackson-dataformats-text:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "2.15.0", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-27T16:04:30.896574Z", "id": "CVE-2023-3894", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-27T16:07:38.896Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50083", "tags": ["x_transferred"]}, {"url": "https://github.com/FasterXML/jackson-dataformats-text/pull/398", "tags": ["x_transferred"]}, {"url": "https://github.com/FasterXML/jackson-dataformats-text/blob/2.16/release-notes/VERSION-2.x", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:08:50.658Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-3894", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-27T16:04:30.896574Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:fasterxml:jackson-dataformats-text:*:*:*:*:*:*:*:*"], "vendor": "fasterxml", "product": "jackson-dataformats-text", "versions": [{"status": "affected", "version": "0", "lessThan": "2.15.0", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-27T16:07:33.550Z"}}], "cna": {"title": "DOS in jackson-dataformats-text", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "tool", "user": "00000000-0000-4000-9000-000000000000", "value": "OSS-Fuzz"}], "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100 Overflow Buffers"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/FasterXML/jackson-dataformats-text", "vendor": "FasterXML", "product": " jackson-dataformats-text", "versions": [{"status": "affected", "version": "0", "lessThan": "2.15.0", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50083"}, {"url": "https://github.com/FasterXML/jackson-dataformats-text/pull/398"}, {"url": "https://github.com/FasterXML/jackson-dataformats-text/blob/2.16/release-notes/VERSION-2.x"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Those using jackson-dataformats-text to parse TOML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.\n", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Those using jackson-dataformats-text to parse TOML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.</span><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google", "dateUpdated": "2023-08-08T16:59:58.129Z"}}}, "cveMetadata": {"cveId": "CVE-2023-3894", "state": "PUBLISHED", "dateUpdated": "2024-09-27T16:07:38.896Z", "dateReserved": "2023-07-24T21:18:16.456Z", "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "datePublished": "2023-08-08T16:59:58.129Z", "assignerShortName": "Google"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fasterxml:jackson-dataformats-text:*:*:*:*:*:*:*:*", "matchCriteriaId": "8EA5DD6F-240A-4691-B691-1D38B8B4165A", "versionEndExcluding": "2.15.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Those using jackson-dataformats-text to parse TOML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.\n"}], "id": "CVE-2023-3894", "lastModified": "2024-11-21T08:18:18.677", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "cve-coordination@google.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-08-08T18:15:24.297", "references": [{"source": "cve-coordination@google.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50083"}, {"source": "cve-coordination@google.com", "tags": ["Release Notes"], "url": "https://github.com/FasterXML/jackson-dataformats-text/blob/2.16/release-notes/VERSION-2.x"}, {"source": "cve-coordination@google.com", "tags": ["Patch"], "url": "https://github.com/FasterXML/jackson-dataformats-text/pull/398"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50083"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://github.com/FasterXML/jackson-dataformats-text/blob/2.16/release-notes/VERSION-2.x"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/FasterXML/jackson-dataformats-text/pull/398"}], "sourceIdentifier": "cve-coordination@google.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "cve-coordination@google.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}