vulnerability
Red Hat JBoss EAP: CVE-2023-4043: Improper Input Validation
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
5 | (AV:N/AC:H/Au:N/C:N/I:N/A:C) | Nov 3, 2023 | Sep 19, 2024 | Jul 2, 2025 |
Severity
5
CVSS
(AV:N/AC:H/Au:N/C:N/I:N/A:C)
Published
Nov 3, 2023
Added
Sep 19, 2024
Modified
Jul 2, 2025
Description
In Eclipse Parsson before versions 1.1.4 and 1.0.5, Parsing JSON from untrusted sources can lead malicious actors to exploit the fact that the built-in support for parsing numbers with large scale in Java has a number of edge cases where the input text of a number can lead to much larger processing time than one would expect.
To mitigate the risk, parsson put in place a size limit for the numbers as well as their scale.. A flaw was found in Eclipse Parsson library when processing untrusted source content. This issue may cause a Denial of Service (DoS) due to built-in support for parsing numbers with a large scale, and some cases where processing a large number may take much more time than expected.
To mitigate the risk, parsson put in place a size limit for the numbers as well as their scale.. A flaw was found in Eclipse Parsson library when processing untrusted source content. This issue may cause a Denial of Service (DoS) due to built-in support for parsing numbers with a large scale, and some cases where processing a large number may take much more time than expected.
Solution
red-hat-jboss-eap-upgrade-latest
References
- CWE-20
- CWE-834
- CVE-2023-4043
- https://attackerkb.com/topics/CVE-2023-4043
- URL-https://access.redhat.com/security/cve/CVE-2023-4043
- URL-https://bugzilla.redhat.com/show_bug.cgi?id=2254594
- URL-https://access.redhat.com/errata/RHSA-2024:1192
- URL-https://access.redhat.com/errata/RHSA-2024:1193
- URL-https://access.redhat.com/errata/RHSA-2024:1194

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.