CVE-2022-3433

The aeson library is not safe to use to consume untrusted JSON input. A remote user could abuse this flaw to produce a hash collision in the underlying unordered-containers library by sending specially crafted JSON data, resulting in a denial of service.
References
Configurations

Configuration 1

cpe:2.3:a:haskell:aeson:*:*:*:*:*:*:*:*

Information

Published : 2022-10-10 10:15

Updated : 2022-10-11 06:58


NVD link : CVE-2022-3433

Mitre link : CVE-2022-3433

Products Affected
No products.
CWE
CWE-328

Use of Weak Hash

CWE-400