CVE-2020-36067Improper Validation of Array Index in Tidwall Gjson

CWE-129Improper Validation of Array Index6 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.5%
top 35.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Github.com Tidwall GjsonDebian Golang-github-tidwall-gjsonGjson Project Gjson
Timeline
PublishedJan 5
Latest updateFeb 6

Description

GJSON <=v1.6.5 allows attackers to cause a denial of service (panic: runtime error: slice bounds out of range) via a crafted GET call.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

debiandebian/golang-github-tidwall-gjson< golang-github-tidwall-gjson 1.6.7-1 (bookworm)

🔴Vulnerability Details

4
GHSA
Improper Validation of Array Index in GJSON2023-02-06
OSV
Improper Validation of Array Index in GJSON2023-02-06
OSV
Panic due to improper input validation in ForEach in github.com/tidwall/gjson2021-04-14
OSV
CVE-2020-36067: GJSON <=v12021-01-05

📋Vendor Advisories

1
Debian
CVE-2020-36067: golang-github-tidwall-gjson - GJSON <=v1.6.5 allows attackers to cause a denial of service (panic: runtime err...2020