Refine your search
1 vulnerability found for jackson-dataformats-text by FasterXML
CVE-2023-3894 (GCVE-0-2023-3894)
Vulnerability from cvelistv5
Published
2023-08-08 16:59
Modified
2024-09-27 16:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
Those using jackson-dataformats-text to parse TOML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FasterXML | jackson-dataformats-text |
Version: 0 < 2.15.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:08:50.658Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50083"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FasterXML/jackson-dataformats-text/pull/398"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FasterXML/jackson-dataformats-text/blob/2.16/release-notes/VERSION-2.x"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fasterxml:jackson-dataformats-text:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "jackson-dataformats-text",
"vendor": "fasterxml",
"versions": [
{
"lessThan": "2.15.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3894",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-27T16:04:30.896574Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-27T16:07:38.896Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": " jackson-dataformats-text",
"repo": "https://github.com/FasterXML/jackson-dataformats-text",
"vendor": "FasterXML",
"versions": [
{
"lessThan": "2.15.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "tool",
"user": "00000000-0000-4000-9000-000000000000",
"value": "OSS-Fuzz"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThose using jackson-dataformats-text to parse TOML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Those using jackson-dataformats-text to parse TOML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-08T16:59:58.129Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50083"
},
{
"url": "https://github.com/FasterXML/jackson-dataformats-text/pull/398"
},
{
"url": "https://github.com/FasterXML/jackson-dataformats-text/blob/2.16/release-notes/VERSION-2.x"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "DOS in jackson-dataformats-text",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2023-3894",
"datePublished": "2023-08-08T16:59:58.129Z",
"dateReserved": "2023-07-24T21:18:16.456Z",
"dateUpdated": "2024-09-27T16:07:38.896Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}