Out of Bounds Access Leading to Undefined Behavior
CVE-2023-3040

7.5HIGH

Key Information:

Vendor: Cloudflare
Status: lua-resty-json
Vendor: CVE Published:; 14 June 2023

What is CVE-2023-3040?

The lua-resty-json package by Cloudflare contains a vulnerability stemming from an out of bounds access in its debug function. This issue, present in versions prior to commit id 3ef9492bd3a44d9e51301d6adc3cd1789c8f534a, could allow an attacker to exploit the function when parsing untrusted data, potentially leading to a Denial of Service (DoS) condition. However, it is essential to note that this debug function is primarily utilized for testing and demonstration purposes, meaning it is not easily exploitable in typical deployment scenarios. For detailed information on this vulnerability, refer to the official advisory and pull request links.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

lua-resty-json Windows 1 < 14

References

https://github.com/cloudflare/lua-resty-json/pull/14

https://github.com/cloudflare/lua-resty-json/security/adv...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 14, 2023
Vulnerability Reserved
Jun 1, 2023

Credit

Carlos López (00xc)

JSON

Cloudflare

What is CVE-2023-3040?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.