CVE-2023-42277: Buffer Overflow
hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonObject.putByPath.
Frequently Asked Questions
What is the severity of CVE-2023-42277?
The severity of CVE-2023-42277 is critical with a CVSS score of 9.8.
What is the affected software version of CVE-2023-42277?
The affected software version of CVE-2023-42277 is hutool v5.8.21.
How was the vulnerability discovered in CVE-2023-42277?
The vulnerability in CVE-2023-42277 was discovered via the component `jsonObject.putByPath` in hutool v5.8.21.
Is there a fix available for CVE-2023-42277?
Yes, a fix for CVE-2023-42277 is available in the latest version of hutool. It is recommended to update to the latest version to mitigate the vulnerability.
Where can I find more information about CVE-2023-42277?
You can find more information about CVE-2023-42277 on the NIST NVD website (https://nvd.nist.gov/vuln/detail/CVE-2023-42277) and the GitHub repository of hutool (https://github.com/dromara/hutool/issues/3285).