{"id":"CVE-2022-23462","summary":"Stack Buffer Overflow in iowow","details":"IOWOW is a C utility library and persistent key/value storage engine. Versions 1.4.15 and prior contain a stack buffer overflow vulnerability that allows for Denial of Service (DOS) when it parses scientific notation numbers present in JSON. A patch for this issue is available at commit a79d31e4cff1d5a08f665574b29fd885897a28fd in the `master` branch of the repository. There are no workarounds other than applying the patch.","modified":"2026-03-20T11:53:22.969920Z","published":"2022-10-21T00:00:00Z","database_specific":{"cna_assigner":"GitHub_M","cwe_ids":["CWE-120","CWE-121"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/23xxx/CVE-2022-23462.json"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/23xxx/CVE-2022-23462.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23462"},{"type":"ADVISORY","url":"https://securitylab.github.com/advisories/GHSL-2022-066_iowow/"},{"type":"FIX","url":"https://github.com/Softmotions/iowow/commit/a79d31e4cff1d5a08f665574b29fd885897a28fd"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/softmotions/iowow","events":[{"introduced":"29681afe8cd0ca902fa4a9c035ade10c74671047"},{"fixed":"a79d31e4cff1d5a08f665574b29fd885897a28fd"}]}],"versions":["v1.4.15"],"database_specific":{"vanir_signatures":[{"target":{"file":"src/json/iwjson.c"},"source":"https://github.com/softmotions/iowow/commit/a79d31e4cff1d5a08f665574b29fd885897a28fd","id":"CVE-2022-23462-559eb48a","digest":{"line_hashes":["766796156551109928825463158941420793","313399920557574803183991637749823479472","263177828327602983841948426301284726313","213023140891930593254087780782341736838"],"threshold":0.9},"signature_type":"Line","signature_version":"v1","deprecated":false},{"target":{"function":"iwjson_ftoa","file":"src/json/iwjson.c"},"source":"https://github.com/softmotions/iowow/commit/a79d31e4cff1d5a08f665574b29fd885897a28fd","id":"CVE-2022-23462-894648ee","digest":{"length":412,"function_hash":"15614091112779079732806033214521365388"},"signature_type":"Function","signature_version":"v1","deprecated":false}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-23462.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}