2213863 – (CVE-2023-33546) CVE-2023-33546 janino: DoS in expression evaluator.guess parameter name method

Bug 2213863 (CVE-2023-33546) - CVE-2023-33546 janino: DoS in expression evaluator.guess parameter name method

Summary: CVE-2023-33546 janino: DoS in expression evaluator.guess parameter name method

Keywords:
Status:	NEW
Alias:	CVE-2023-33546
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Nobody
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2213870
Blocks:	2211761
TreeView+	depends on / blocked

Reported:	2023-06-09 15:50 UTC by Chess Hazlett
Modified:	2024-02-01 03:42 UTC (History)
CC List:	58 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	A denial of service vulnerability was found in the janino compiler. If the parser runs on user-supplied input, an attacker could supply content that causes the parser to crash due to a stack overflow.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description Chess Hazlett 2023-06-09 15:50:24 UTC

janino 3.1.9 and earlier are subject to denial of service (DOS) attacks when using the expression evaluator.guess parameter name method. If the parser runs on user-supplied input, an attacker could supply content that causes the parser to crash due to a stack overflow.

Note You need to log in before you can comment on or make changes to this bug.

adupliak
aileenc
alampare
asoldano
ataylor
bbaranow
bbuckingham
bcourt
bmaxwell
brian.stansberry
cdewolf
chazlett
darran.lofthouse
dkreling
dosoudil
ehelms
emingora
fjuma
fmongiar
gmalinko
ivassile
iweiss
janstey
jnethert
jpoth
jross
jscholz
jsherril
lgao
lpetrovi
lzap
mhulan
mnovotny
mosmerov
msochure
mstefank
msvehla
myarboro
nmoumoul
nwallace
orabin
pcreech
pdelbell
peholase
pjindal
pmackay
rchan
rguimara
rjohnson
rrajasek
rstancel
rsynek
saroy
smaestri
swoodman
tcunning
tom.jenkinson
yfang