CVE-2021-31684

Published: Jun 1, 2021Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A vulnerability was discovered in the indexOf function of JSONParserByteArray in JSON Smart versions 1.3 and 2.4 which causes a denial of service (DOS) via a crafted web request.

Affected (5)

Products: Json Smart Project: Json Smart V1, Json Smart V2 · Oracle: Utilities Framework

2 products

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Json Smart Project Json Smart V1	From 1.3 to 1.3.3
Json Smart Project Json Smart V2	From 2.4 to 2.4.4

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Oracle Utilities Framework	Version 4.4.0.0.0
Oracle Utilities Framework	Version 4.4.0.2.0
Oracle Utilities Framework	Version 4.4.0.3.0

Related CWEs

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (16)

https://github.com/netplex/json-smart-v1/issues/10

Source: cve@mitre.org

Issue TrackingThird Party Advisory

https://github.com/netplex/json-smart-v1/pull/11

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/netplex/json-smart-v2/issues/67

Source: cve@mitre.org

ExploitIssue TrackingThird Party Advisory

https://github.com/netplex/json-smart-v2/pull/68

Source: cve@mitre.org

PatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2023/03/msg00030.html

Source: cve@mitre.org

https://security.netapp.com/advisory/ntap-20240621-0006/

Source: cve@mitre.org

https://www.oracle.com/security-alerts/cpujan2022.html

Source: cve@mitre.org

PatchThird Party Advisory

https://www.oracle.com/security-alerts/cpujul2022.html

Source: cve@mitre.org

https://github.com/netplex/json-smart-v1/issues/10