Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2022-3433
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
The aeson library is not safe to use to consume untrusted JSON input. A remote user could abuse this flaw to produce a hash collision in the underlying unordered-containers library by sending specially crafted JSON data, resulting in a denial of service.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
可逆的单向哈希
Source: NVD (National Vulnerability Database)
Vulnerability Title
aeson 加密问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
aeson是Haskell开源的一个用于处理 JSON 数据的快速 Haskell 库。 aeson 存在安全漏洞,该漏洞源于其允许使用不受信任的JSON输入导致远程用户可以通过发送特别制作的JSON数据在底层无序容器库中产生散列冲突,从而导致拒绝服务。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
-aeson Fixed in 2.0.1.0 -
II. Public POCs for CVE-2022-3433
#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2022-3433
Please Login to view more intelligence information
IV. Related Vulnerabilities
Same vendor: n/a
Same weakness: CWE-328
V. Comments for CVE-2022-3433

No comments yet

Leave a comment