CVE-2023-33546

2023-06-0100:00:00

ubuntu.com

janino 3.1.9

denial of service

expression evaluator.

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

19.2%

JSON

DISPUTED Janino 3.1.9 and earlier are subject to denial of service
(DOS) attacks when using the expression evaluator.guess parameter name
method. If the parser runs on user-supplied input, an attacker could supply
content that causes the parser to crash due to a stack overflow. NOTE: this
is disputed by multiple parties because Janino is not intended for use with
untrusted input.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchjanino< anyUNKNOWN
ubuntu20.04noarchjanino< anyUNKNOWN
ubuntu22.04noarchjanino< anyUNKNOWN
ubuntu23.10noarchjanino< anyUNKNOWN
ubuntu24.04noarchjanino< anyUNKNOWN
ubuntu16.04noarchjanino< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	janino	< any	UNKNOWN
ubuntu	20.04	noarch	janino	< any	UNKNOWN
ubuntu	22.04	noarch	janino	< any	UNKNOWN
ubuntu	23.10	noarch	janino	< any	UNKNOWN
ubuntu	24.04	noarch	janino	< any	UNKNOWN
ubuntu	16.04	noarch	janino	< any	UNKNOWN