CVE-2022-23460

MEDIUM

Hjiang Json++ - Denial of Service

Title source: rule

Description

Jsonxx or Json++ is a JSON parser, writer and reader written in C++. In affected versions of jsonxx json parsing may lead to stack exhaustion in an address sanitized (ASAN) build. This issue may lead to Denial of Service if the program using the jsonxx library crashes. This issue exists on the current commit of the jsonxx project and the project itself has been archived. Updates are not expected. Users are advised to find a replacement.

References (1)

[Broken Link] https://securitylab.github.com/advisories/GHSL-2022-049_Jsonxx

Scores

CVSS v3 5.9

EPSS 0.0043

EPSS Percentile 62.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-121 CWE-674

Status published

Products (2)

hjiang/json\+\+ 1.0.0

hjiang/json\+\+ 1.0.1

Published Aug 19, 2022

Tracked Since Feb 18, 2026