Description
The Library API in buger jsonparser through 2019-12-04 allows attackers to cause a denial of service (infinite loop) via a Delete call.
References (3)
Core 3
Core References
Exploit, Patch, Third Party Advisory x_refsource_misc
https://github.com/buger/jsonparser/issues/188
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4C7PV6KEUUM76V4B2J5IFN2U6LEOWB67/
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6KUHKDQSEYJNROA66OMN6AAQMGAAN6WI/
Scores
CVSS v3
7.5
EPSS
0.0027
EPSS Percentile
50.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-835
Status
published
Products (4)
buger/jsonparser
0 - 1.0.0Go
fedoraproject/fedora
31
fedoraproject/fedora
32
jsonparser_project/jsonparser
< 1.0.0
Published
Mar 19, 2020
Tracked Since
Feb 18, 2026