Home > Vulnerability Database > CVE-2023-3040

Mend.io Vulnerability Database

CVE-2023-3040

Date: June 14, 2023

A debug function in the lua-resty-json package, up to commit id 3ef9492bd3a44d9e51301d6adc3cd1789c8f534a (merged in PR #14) contained an out of bounds access bug that could have allowed an attacker to launch a DoS if the function was used to parse untrusted input data. It is important to note that because this debug function was only used in tests and demos, it was not exploitable in a normal environment.

Language: C

Severity Score

7.5

Related Resources (4)

Url: https://github.com/cloudflare/lua-resty-json/security/advisories/GHSA-h8rp-9622-83pg

Url: https://github.com/cloudflare/lua-resty-json/pull/14

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-3040

Url: https://www.mend.io/vulnerability-database/CVE-2023-3040

Severity Score

7.5

Weakness Type (CWE)

Out-of-bounds Read

CWE-125

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-3040

Date: June 14, 2023

Language: C

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?