Back to Vulnerability database

Stack Overflow in JSON RPC Server

ID Submit date Publish date Author Score
1 10.29.2018 11.06.2018 talko 10.0

Decription

There is a stack overflow bug in json_parser when parsing nesting objects. Monero's json parser (handled by epee libraries) doesn't check object tree depth while parsing Attacker could run arbitrary code Vector: BVSS:1.1/B:N/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H/CI:N/II:H/AI:N

Component

Node

Platform

Monero

Subclass

Stack Overflow

Comments