CVE-2022-3433: Weak Encryption
Published Oct 10, 2022
The aeson library is not safe to use to consume untrusted JSON input. A remote user could abuse this flaw to produce a hash collision in the underlying unordered-containers library by sending specially crafted JSON data, resulting in a denial of service.
Affected Software
1 affected component
Haskell aeson < 2.0.1.0
Remediation
Patch Available
Event History
Oct 10, 2022, 12:00 AM: CVE Published (via MITRE)
Oct 10, 2022, 12:00 AM: Data Sourced (via MITRE)
Frequently Asked Questions
1. What is the severity of CVE-2022-3433?
CVE-2022-3433 has been classified as a high severity vulnerability.
2. How do I fix CVE-2022-3433?
To fix CVE-2022-3433, update the aeson library to version 2.0.1.0 or later.
3. What type of attack is associated with CVE-2022-3433?
CVE-2022-3433 is associated with denial of service attacks due to hash collisions.
4. Who is affected by CVE-2022-3433?
CVE-2022-3433 affects users of the aeson library prior to version 2.0.1.0.
5. What is the impact of CVE-2022-3433?
CVE-2022-3433 can lead to service disruption through a denial of service triggered by specially crafted JSON data.