CVE-2023-4043

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-4043
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-4043.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-4043
Aliases
Downstream
Published
2023-11-03T08:11:39.563Z
Modified
2026-05-13T04:23:33.919123696Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
Parsson DoS when parsing numbers from untrusted sources
Details

In Eclipse Parsson before versions 1.1.4 and 1.0.5, Parsing JSON from untrusted sources can lead malicious actors to exploit the fact that the built-in support for parsing numbers with large scale in Java has a number of edge cases where the input text of a number can lead to much larger processing time than one would expect.

To mitigate the risk, parsson put in place a size limit for the numbers as well as their scale.

Database specific 
{
    "cna_assigner": "eclipse",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/4xxx/CVE-2023-4043.json",
    "cwe_ids": [
        "CWE-20",
        "CWE-834"
    ]
}
References

Affected packages

Git / github.com/eclipse-ee4j/parsson

Affected ranges

Type
GIT
Repo
https://github.com/eclipse-ee4j/parsson
Events
Introduced
3266a62f65744415771ea94ec897e6dd51160a3c
Fixed
675484c73328fb5c559ee15ff496f6618c007d9e

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-4043.json"