// For flags

CVE-2021-31684

json-smart: Denial of Service in JSONParserByteArray function

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track
*SSVC
Descriptions

A vulnerability was discovered in the indexOf function of JSONParserByteArray in JSON Smart versions 1.3 and 2.4 which causes a denial of service (DOS) via a crafted web request.

Se ha detectado una vulnerabilidad en la función indexOf de JSONParserByteArray en versiones 1.3 y 2.4 de JSON Smart que causa una Denegación de Servicio (DOS) por medio de una petición web diseñada

A flaw was found in the json-smart package in the JSONParserByteArray. This flaw allows an attacker to cause a denial of service.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:Track
Exploitation
None
Automatable
No
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2021-04-23 CVE Reserved
  • 2021-06-01 CVE Published
  • 2024-08-03 CVE Updated
  • 2024-08-03 First Exploit
  • 2024-11-04 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-787: Out-of-bounds Write
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Json-smart Project
Search vendor "Json-smart Project"
Json-smart-v1
Search vendor "Json-smart Project" for product "Json-smart-v1"
>= 1.3 < 1.3.3
Search vendor "Json-smart Project" for product "Json-smart-v1" and version " >= 1.3 < 1.3.3"
-
Affected
Json-smart Project
Search vendor "Json-smart Project"
Json-smart-v2
Search vendor "Json-smart Project" for product "Json-smart-v2"
>= 2.4 < 2.4.4
Search vendor "Json-smart Project" for product "Json-smart-v2" and version " >= 2.4 < 2.4.4"
-
Affected
Oracle
Search vendor "Oracle"
Utilities Framework
Search vendor "Oracle" for product "Utilities Framework"
4.4.0.0.0
Search vendor "Oracle" for product "Utilities Framework" and version "4.4.0.0.0"
-
Affected
Oracle
Search vendor "Oracle"
Utilities Framework
Search vendor "Oracle" for product "Utilities Framework"
4.4.0.2.0
Search vendor "Oracle" for product "Utilities Framework" and version "4.4.0.2.0"
-
Affected
Oracle
Search vendor "Oracle"
Utilities Framework
Search vendor "Oracle" for product "Utilities Framework"
4.4.0.3.0
Search vendor "Oracle" for product "Utilities Framework" and version "4.4.0.3.0"
-
Affected