CVE-2023-3894

Published Aug 8, 2023

Last updated a year ago

Overview

Description: Those using jackson-dataformats-text to parse TOML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.
Source: cve-coordination@google.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH

Weaknesses

nvd@nist.gov: CWE-787
cve-coordination@google.com: CWE-20

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:fasterxml:jackson-dataformats-text:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8EA5DD6F-240A-4691-B691-1D38B8B4165A",
            "versionEndExcluding": "2.15.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References