CVE-2022-23460

Published: Aug 19, 2022Modified: Oct 28, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Jsonxx or Json++ is a JSON parser, writer and reader written in C++. In affected versions of jsonxx json parsing may lead to stack exhaustion in an address sanitized (ASAN) build. This issue may lead to Denial of Service if the program using the jsonxx library crashes. This issue exists on the current commit of the jsonxx project and the project itself has been archived. Updates are not expected. Users are advised to find a replacement.

Affected (2)

Products: Hjiang: Json++

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Hjiang Json++	Version 1.0.0
Hjiang Json++	Version 1.0.1

Related CWEs

Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

Uncontrolled Recursion

The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.

References (2)

https://securitylab.github.com/advisories/GHSL-2022-049_Jsonxx

Source: security-advisories@github.com

Broken Link

https://securitylab.github.com/advisories/GHSL-2022-049_Jsonxx

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

Timeline

No history available yet.