Json
CVE-2022-23459
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Jsonxx or Json++ is a JSON parser, writer and reader written in C++. In affected versions of jsonxx use of the Value class may lead to memory corruption via a double free or via a use after free. The value class has a default assignment operator which may be used with pointer types which may point to alterable data where the pointer itself is not updated. This issue exists on the current commit of the jsonxx project. The project itself has been archived and updates are not expected. Users are advised to find a replacement.
AnalysisAI
Jsonxx or Json++ is a JSON parser, writer and reader written in C++. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-415. Jsonxx or Json++ is a JSON parser, writer and reader written in C++. In affected versions of jsonxx use of the Value class may lead to memory corruption via a double free or via a use after free. The value class has a default assignment operator which may be used with pointer types which may point to alterable data where the pointer itself is not updated. This issue exists on the current commit of the jsonxx project. The project itself has been archived and updates are not expected. Users are advised to find a replacement. Affected products include: Hjiang Json\+\+.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
This affects the package json before 10.0.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable,
JSON++ through 2016-06-15 has a buffer over-read in yyparse() in json.y. Rated critical severity (CVSS 9.8), this vulner
Jsonxx or Json++ is a JSON parser, writer and reader written in C++. Rated high severity (CVSS 7.5), this vulnerability
The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an
Heap buffer overflow in the Ruby JSON gem's streaming generator (versions 2.9.0-2.19.8) enables reliable process crash v
Same weakness CWE-415 – Double Free
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today