VDB
DEBIAN-CVE-2023-33546
DEBIAN-CVE-2023-33546
PUBLISHED
CVSS 5.5 MEDIUM
Janino 3.1.9 and earlier are subject to denial of service (DOS) attacks when using the expression evaluator.guess parameter name method. If the parser runs on user-supplied input, an attacker could supply content that causes the parser to crash due to a stack overflow. NOTE: this is disputed by multiple parties because Janino is not intended for use with untrusted input.
Risk Scores
CVSS 3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | janino | 2.7.0-3, 3.1.12+dfsg, 2.7.0-2.1 |
| Debian:14 | janino | 0, 0, 0 |
| Debian:11 | janino | 2.7.0-2.1, 2.7.0-3, 3.1.12+dfsg-1 |
| Debian:13 | janino | 0, 0, 0 |
Timeline
- Jun 1, 2023 CVE Published
- Apr 28, 2026 CVE Updated