CVE-2022-23462
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-23462
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-23462.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-23462
- Published
- 2022-10-21T00:00:00Z
- Modified
- 2025-10-30T19:59:40.224453Z
- Severity
-
- 6.2 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- Stack Buffer Overflow in iowow
- Details
-
IOWOW is a C utility library and persistent key/value storage engine. Versions 1.4.15 and prior contain a stack buffer overflow vulnerability that allows for Denial of Service (DOS) when it parses scientific notation numbers present in JSON. A patch for this issue is available at commit a79d31e4cff1d5a08f665574b29fd885897a28fd in the
masterbranch of the repository. There are no workarounds other than applying the patch. - Database specific
{ "cwe_ids": [ "CWE-120", "CWE-121" ] }- References
Affected packages
Git / github.com/softmotions/iowow
Database specific
vanir_signatures
[
{
"id": "CVE-2022-23462-559eb48a",
"signature_type": "Line",
"source": "https://github.com/softmotions/iowow/commit/a79d31e4cff1d5a08f665574b29fd885897a28fd",
"target": {
"file": "src/json/iwjson.c"
},
"deprecated": false,
"digest": {
"line_hashes": [
"766796156551109928825463158941420793",
"313399920557574803183991637749823479472",
"263177828327602983841948426301284726313",
"213023140891930593254087780782341736838"
],
"threshold": 0.9
},
"signature_version": "v1"
},
{
"id": "CVE-2022-23462-894648ee",
"signature_type": "Function",
"source": "https://github.com/softmotions/iowow/commit/a79d31e4cff1d5a08f665574b29fd885897a28fd",
"target": {
"file": "src/json/iwjson.c",
"function": "iwjson_ftoa"
},
"deprecated": false,
"digest": {
"length": 412.0,
"function_hash": "15614091112779079732806033214521365388"
},
"signature_version": "v1"
}
]