2451846 – (CVE-2026-32285) CVE-2026-32285 github.com/buger/jsonparser: github.com/buger/jsonparser: Denial of Service via malformed JSON input

Bug 2451846 (CVE-2026-32285) - CVE-2026-32285 github.com/buger/jsonparser: github.com/buger/jsonparser: Denial of Service via malformed JSON input

Summary: CVE-2026-32285 github.com/buger/jsonparser: github.com/buger/jsonparser: Deni...

Keywords:
Status:	NEW
Alias:	CVE-2026-32285
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2452364 2452365 2452366 2452367 2452368 2452369 2452370 2452371 2452372 2452373 2452374 2452375 2452376 2452377 2452378
Blocks:
TreeView+	depends on / blocked

Reported:	2026-03-26 20:02 UTC by OSIDB Bzimport
Modified:	2026-03-27 18:28 UTC (History)
CC List:	32 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-03-26 20:02:19 UTC

The Delete function fails to properly validate offsets when processing malformed JSON input. This can lead to a negative slice index and a runtime panic, allowing a denial of service attack.

Note You need to log in before you can comment on or make changes to this bug.

agarcial
alcohan
anjoseph
aoconnor
asegurap
dschmidt
eglynn
erezende
gparvin
jbalunas
jburrell
jcantril
jjoyce
jlanda
jprabhak
jschluet
jsherril
kaycoth
kshier
lhh
mburns
mgarciac
mwringe
pahickey
rhaigner
rojacob
simaishi
smcdonal
stcannon
teagle
wtam
yguenane