Vulnerabilities > CVE-2023-4043 - Excessive Iteration vulnerability in Eclipse Parsson

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

eclipse

CWE-834

NVD

Published: 2023-11-03

Updated: 2023-11-13

Summary

In Eclipse Parsson before versions 1.1.4 and 1.0.5, Parsing JSON from untrusted sources can lead malicious actors to exploit the fact that the built-in support for parsing numbers with large scale in Java has a number of edge cases where the input text of a number can lead to much larger processing time than one would expect. To mitigate the risk, parsson put in place a size limit for the numbers as well as their scale.

Vulnerable Configurations

Part	Description	Count
Application	Eclipse Eclipse Parsson - Eclipse Parsson 1.0.0 Eclipse Parsson 1.0.1 Eclipse Parsson 1.0.2 Eclipse Parsson 1.0.3 Eclipse Parsson 1.0.4 Eclipse Parsson 1.1.0 Eclipse Parsson 1.1.1 Eclipse Parsson 1.1.2 Eclipse Parsson 1.1.3	10

Common Weakness Enumeration (CWE)

CWE-834 - Excessive Iteration

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References