VDB

DEBIAN-CVE-2023-33546

DEBIAN-CVE-2023-33546 PUBLISHED CVSS 5.5 MEDIUM

Janino 3.1.9 and earlier are subject to denial of service (DOS) attacks when using the expression evaluator.guess parameter name method. If the parser runs on user-supplied input, an attacker could supply content that causes the parser to crash due to a stack overflow. NOTE: this is disputed by multiple parties because Janino is not intended for use with untrusted input.

Risk Scores

CVSS 3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersions
Debian:12janino2.7.0-3, 3.1.12+dfsg, 2.7.0-2.1
Debian:14janino0, 0, 0
Debian:11janino2.7.0-2.1, 2.7.0-3, 3.1.12+dfsg-1
Debian:13janino0, 0, 0

Timeline

  • Jun 1, 2023 CVE Published
  • Apr 28, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›