CVE-2022-3433

Medium

The aeson library is not safe to use to consume untrusted JSON input. A remote user could abuse this flaw to produce a hash collision in…

redhat·CWE-328·Published 2022-10-10

CVSS

6.5

EPSS

0.01

KEV

Exploits

cve.orgen

254 chars

The aeson library is not safe to use to consume untrusted JSON input. A remote user could abuse this flaw to produce a hash collision in the underlying unordered-containers library by sending specially crafted JSON data, resulting in a denial of service.

NVDen

254 chars

NVDes

303 chars

La biblioteca aeson no es segura para consumir entradas JSON no confiables. Un usuario remoto podría abusar de este fallo para producir una colisión de hash en la biblioteca subyacente unordered-containers mediante el envío de datos JSON especialmente diseñados, resultando en una denegación de servicio

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	NVD	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H