CVE-2022-4952
LOW
OmniSharp csharp-language-server-protocol < 0.19.7 - Uncontrolled Resource Consumption in JSON Serializer
Title source: llm
Description
A vulnerability has been found in OmniSharp csharp-language-server-protocol up to 0.19.6 and classified as problematic. This vulnerability affects the function CreateSerializerSettings of the file src/JsonRpc/Serialization/SerializerBase.cs of the component JSON Serializer. The manipulation leads to resource consumption. Upgrading to version 0.19.7 is able to address this issue. The patch is identified as 7fd2219f194a9ef2a8901bb131c5fa12272305ce. It is recommended to upgrade the affected component. VDB-234238 is the identifier assigned to this vulnerability.
References (5)
Core References
Third Party Advisory vdb-entry
technical-description
https://vuldb.com/?id.234238
Permissions Required signature
permissions-required
https://vuldb.com/?ctiid.234238
Patch issue-tracking
https://github.com/OmniSharp/csharp-language-server-protocol/pull/902
Scores
CVSS v3
3.5
EPSS
0.0072
EPSS Percentile
49.0%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Details
CWE
CWE-400
Status
published
Products (1)
dotnetfoundation/c\#_language_server_protocol
< 0.19.7
Published
Jul 17, 2023
Tracked Since
Feb 18, 2026