CVE-2023-42278: Buffer Overflow
hutool v5.8.21 was discovered to contain a buffer overflow via the component JSONUtil.parse().
Frequently Asked Questions
What is CVE-2023-42278?
CVE-2023-42278 is a buffer overflow vulnerability in hutool v5.8.21, reachable via the JSONUtil.parse() component.
What is the severity of CVE-2023-42278?
The severity of CVE-2023-42278 is high, with a CVSS score of 7.5.
Which software versions are affected by CVE-2023-42278?
hutool v5.8.21 is affected by CVE-2023-42278.
How can I fix CVE-2023-42278?
To fix CVE-2023-42278, update hutool to a version higher than 5.8.21.
Where can I find more information about CVE-2023-42278?
More information about CVE-2023-42278 can be found at the following references: [NVD](https://nvd.nist.gov/vuln/detail/CVE-2023-42278), [GitHub Issue](https://github.com/dromara/hutool/issues/3289), [GitHub Commit](https://github.com/dromara/hutool/commit/5c4486b9f58a83f283868135138f6ff3741b8c12).