Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-4043

Published: 03/11/2023 Updated: 13/11/2023
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Eclipse

Vulnerability Summary

In Eclipse Parsson prior to 1.1.4 and 1.0.5, Parsing JSON from untrusted sources can lead malicious actors to exploit the fact that the built-in support for parsing numbers with large scale in Java has a number of edge cases where the input text of a number can lead to much larger processing time than one would expect. To mitigate the risk, parsson put in place a size limit for the numbers as well as their scale.

Vulnerable Product Search on Vulmon Subscribe to Product

eclipse parsson

Vendor Advisories

Red Hat: Important: Red Hat build of Cryostat security update
Synopsis Important: Red Hat build of Cryostat security update Type/Severity Security Advisory: Important Topic An update is now available for the Red Hat build of Cryostat 2 on RHEL 8Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which gives a ...
Red Hat: Important: Red Hat build of Quarkus 3.2.10 release and security update
Synopsis Important: Red Hat build of Quarkus 3210 release and security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat build of QuarkusRed Hat Product Security has rated this update as having a security impact ofImportant A Common Vulnerability Scoring System (CVSS) base score, which givesade ...
Red Hat: Important: Red Hat Build of Apache Camel 4.0 for Quarkus 3.2 release (RHBQ 3.2.10.Final)
Synopsis Important: Red Hat Build of Apache Camel 40 for Quarkus 32 release (RHBQ 3210Final) Type/Severity Security Advisory: Important Topic An update for Red Hat Build of Apache Camel 40 for Quarkus 32 is now available (updates to RHBQ 3210Final)Red Hat Product Security has rated this update as having a security impact of Importa ...
Red Hat: Important: Red Hat Integration Camel for Spring Boot 4.0.3 release security update
Synopsis Important: Red Hat Integration Camel for Spring Boot 403 release security update Type/Severity Security Advisory: Important Topic Red Hat Integration Camel for Spring Boot 403 release and security update is now availableRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerabilit ...

References

CWE-834https://github.com/eclipse-ee4j/parsson/pull/100https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/13https://nvd.nist.govhttps://access.redhat.com/errata/RHSA-2024:0530
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
race conditionCVE-2024-4249CVE-2024-4244CVE-2023-20198TCPCVE-2022-48648CVE-2022-48636CVE-2024-21345SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook