CVE-2013-3861Improper Input Validation in Microsoft NET Framework

CWE-20Improper Input Validation3 documents3 sources
Severity
7.8HIGHNVD
EPSS
78.4%
top 0.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft NET Framework
Timeline
PublishedOct 9
Latest updateMay 14

Description

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 allows remote attackers to cause a denial of service (application crash or hang) via crafted character sequences in JSON data, aka "JSON Parsing Vulnerability."

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages1 packages

NVDmicrosoft/net_framework5 versions+4

🔴Vulnerability Details

2
GHSA
GHSA-9q6c-gh3r-qpjr: Microsoft2022-05-14
CVEList
CVE-2013-3861: Microsoft2013-10-09
CVE-2013-3861 — Improper Input Validation in Microsoft | cvebase