CVE-2021-31684

CWE-787 — Out-of-bounds Write CWE-125 — Out-of-bounds Read12 documents9 sources

Severity

7.5HIGH

EPSS

0.1%

top 80.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Json-smart Project Json-smart-v1 Json-smart Project Json-smart-v2 Oracle Utilities Framework

Timeline

PublishedJun 1

Latest updateDec 12

Description

A vulnerability was discovered in the indexOf function of JSONParserByteArray in JSON Smart versions 1.3 and 2.4 which causes a denial of service (DOS) via a crafted web request.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages6 packages

▶Mavennet.minidev:json-smart1.3.0 — 1.3.3+1

▶NVDjson-smart_project/json-smart-v11.3 — 1.3.3

▶NVDjson-smart_project/json-smart-v22.4 — 2.4.4

▶Debianjson-smart< 2.2-2+deb11u1+3

▶Ubuntujson-smart< 2.2-2ubuntu0.18.04.1+2

Patches

Patch: github.com ↗Patch: github.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

OSV

json-smart vulnerabilities↗2023-04-12

▶

GHSA

Out of bounds read in json-smart↗2022-02-10

▶

OSV

Out of bounds read in json-smart↗2022-02-10

▶

OSV

CVE-2021-31684: A vulnerability was discovered in the indexOf function of JSONParserByteArray in JSON Smart versions 1↗2021-06-01

▶

CVEList

CVE-2021-31684: A vulnerability was discovered in the indexOf function of JSONParserByteArray in JSON Smart versions 1↗2021-06-01

▶

📋Vendor Advisories

Atlassian

CVE-2021-31684: All versions up to 7.19.16 From 8.0.x to 8.3.3 From 8.4.x to 8.4.5 From 8.5.x to 8.5.4 From 8.6.x to 8.6.2 And 8.7.0↗2023-12-12

▶

Oracle

Oracle Oracle Fusion Middleware Risk Matrix: Third Party (json-smart) — CVE-2021-31684↗2023-04-15

▶

Ubuntu

Json-smart vulnerabilities↗2023-04-12

▶

Oracle

Oracle Oracle JD Edwards Risk Matrix: E1 IOT Orchestrator (JSON Smart) — CVE-2021-31684↗2022-07-15

▶

Red Hat

json-smart: Denial of Service in JSONParserByteArray function↗2021-06-01

▶