High Severity Vulnerability
This vulnerability has been rated as High severity. Immediate action is recommended.
CVE-2023-7272
High
Low
Medium
High
Critical
8.6
CVSS Score
Vulnerability Description
In Eclipse Parsson before 1.0.4 and 1.1.3, a document with a large depth of nested objects can allow an attacker to cause a Java stack overflow exception and denial of service. Eclipse Parsson allows processing (e.g. parse, generate, transform and query) JSON documents.
CVSS Metrics
Common Vulnerability Scoring System
Vector String:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Attack Vector
N
Attack Complexity
L
Privileges Required
N
User Interaction
N
Scope
C
Confidentiality
N
Integrity
N
Availability
H
Known Affected Software
7 configuration(s) from 1 vendor(s)
parsson
Version:
1.1.1
CPE:
cpe:2.3:a:eclipse:parsson:1.1.1:*:*:*:*:*:*:*
parsson
Version:
1.0.2
CPE:
cpe:2.3:a:eclipse:parsson:1.0.2:*:*:*:*:*:*:*
parsson
Version:
1.0.1
CPE:
cpe:2.3:a:eclipse:parsson:1.0.1:*:*:*:*:*:*:*
parsson
Version:
1.1.2
CPE:
cpe:2.3:a:eclipse:parsson:1.1.2:*:*:*:*:*:*:*
parsson
Version:
1.0.3
CPE:
cpe:2.3:a:eclipse:parsson:1.0.3:*:*:*:*:*:*:*
parsson
Version:
1.1.0
CPE:
cpe:2.3:a:eclipse:parsson:1.1.0:*:*:*:*:*:*:*
parsson
Version:
1.0.0
CPE:
cpe:2.3:a:eclipse:parsson:1.0.0:*:*:*:*:*:*:*
This vulnerability affects 7 software configuration(s). Ensure you patch all affected systems.
Oracle
CPUJAN2025
Oracle Critical Patch Update Advisory - January 2025
Severity
Critical
Released
Jan 21, 2025
Restart Required
Security Update
Severity Details
8.6
out of 10.0
High
Weakness Type (CWE)
CWE-787
Top 25 #2
Out-of-bounds Write
- Description
- The product writes data past the end, or before the beginning, of the intended buffer.
- Exploit Likelihood
- High
- Typical Severity
- High
- Abstraction Level
- Base
Key Information
- Published Date
- July 17, 2024
