CVE-2023-3894
Summary
| CVE | CVE-2023-3894 |
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-08-08 18:15:00 UTC |
| Updated | 2023-08-15 19:28:00 UTC |
| Description | Those using jackson-dataformats-text to parse TOML data may be vulnerable to Denial of Service (DoS) attacks. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash with a stack overflow. This effect may support a denial of service attack. |
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| github.com/FasterXML/jackson-dataformats-text/blob/2.16/release-notes/VE... | MISC | github.com | |
| 50083 - oss-fuzz - OSS-Fuzz: Fuzzing the planet - Monorail | MISC | bugs.chromium.org | |
| TOML: check nesting depth by pjfanning · Pull Request #398 · FasterXML/jackson-dataformats-text · GitHub | MISC | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 994787 Java (Maven) Security Update for com.fasterxml.jackson.dataformat:jackson-dataformats-text (GHSA-rg2c-cfxv-qp6f)