We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2023-4043

Parsson DoS when parsing numbers from untrusted sources



Description

In Eclipse Parsson before versions 1.1.4 and 1.0.5, Parsing JSON from untrusted sources can lead malicious actors to exploit the fact that the built-in support for parsing numbers with large scale in Java has a number of edge cases where the input text of a number can lead to much larger processing time than one would expect. To mitigate the risk, parsson put in place a size limit for the numbers as well as their scale.

Reserved 2023-08-01 | Published 2023-11-03 | Updated 2024-09-05 | Assigner eclipse


MEDIUM: 5.9CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Problem types

CWE-20 Improper Input Validation

CWE-834 Excessive Iteration

Product status

Default status
unaffected

Any version before 1.0.5
affected

1.1.0 before 1.1.4
affected

Credits

Yuan Tian finder

References

github.com/eclipse-ee4j/parsson/pull/100

gitlab.eclipse.org/...rity/vulnerability-reports/-/issues/13

cve.org (CVE-2023-4043)

nvd.nist.gov (CVE-2023-4043)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2023-4043

Support options

Helpdesk Chat, Email, Knowledgebase
Subscribe to our newsletter to learn more about our work.