CVE-2023-4043

CVSS V2 None CVSS V3 None

Description

In Eclipse Parsson before versions 1.1.4 and 1.0.5, Parsing JSON from untrusted sources can lead malicious actors to exploit the fact that the built-in support for parsing numbers with large scale in Java has a number of edge cases where the input text of a number can lead to much larger processing time than one would expect. To mitigate the risk, parsson put in place a size limit for the numbers as well as their scale.

Overview

CVE ID
CVE-2023-4043

Assigner
eclipse

Vulnerability Status
PUBLISHED

Published Version
2023-11-03T08:11:39.563Z

Last Modified Date
2023-11-03T08:11:39.563Z

Weakness Enumerations

CWE	URL
CWE-20	http://cwe.mitre.org/data/definitions/20.html
CWE-834	http://cwe.mitre.org/data/definitions/834.html

References

Reference URL	Reference Tags
https://github.com/eclipse-ee4j/parsson/pull/100
https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/13

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-4043
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4043

History

Created	Old Value	New Value	Data Type	Notes
2024-06-24 20:07:02				Added to TrackCVE