{"id":"CVE-2022-3433","details":"The aeson library is not safe to use to consume untrusted JSON input. A remote user could abuse this flaw to produce a hash collision in the underlying unordered-containers library by sending specially crafted JSON data, resulting in a denial of service.","aliases":["HSEC-2023-0001"],"modified":"2026-05-28T04:08:08.025283315Z","published":"2022-10-10T00:00:00Z","database_specific":{"cna_assigner":"redhat","cwe_ids":["CWE-328"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/3xxx/CVE-2022-3433.json","unresolved_ranges":[{"source":"AFFECTED_FIELD","extracted_events":[{"last_affected":"Fixed in 2.0.1.0"}]}]},"references":[{"type":"WEB","url":"https://cs-syd.eu/posts/2021-09-11-json-vulnerability"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/3xxx/CVE-2022-3433.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3433"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/haskell/aeson","events":[{"introduced":"0"},{"fixed":"bfc8de2a155fb6725701ec692e8a6db3986cfb36"}],"database_specific":{"source":"CPE_RANGE","cpe":"cpe:2.3:a:haskell:aeson:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"fixed":"2.0.1.0"}]}}],"versions":["1.5.6.0","v2.0.0.0","attoparsec-iso8601-1.0.2.0","1.5.5.0","1.5.5.1","1.5.4.1","1.5.4.0","1.5.3.0","1.5.2.0","1.5.1.0","1.5.0.0","1.4.7.1-r1","1.4.7.1","1.4.7.0","1.4.6.0","1.4.5.0","1.4.4.0","1.4.3.0","1.4.2.0","1.4.1.0","1.3.1.1","attoparsec-iso8601-1.0.0.0-r1","1.3.1.0","1.3.0.0","1.2.3.0","1.2.2.0","1.2.1.0","1.2.0.0","1.1.2.0","1.1.1.0","1.1.0.0","1.0.2.1","1.0.2.0","1.0.1.0-r1","1.0.1.0","1.0.0.0","0.11.1.4","0.11.1.3","0.11.1.2","0.11.1.1","0.11.1.0","0.11.0.0","0.10.0.0","0.9.0.1","0.9.0.0","0.8.1.1","0.8.1.0","0.8.0.2","0.8.0.1","0.8.0.0","0.7.0.3","0.7.0.2","0.7.0.1","0.7.0.0","0.6.2.0","0.6.1.0","0.6.0.2","0.6.0.0","0.5.0.0","0.4.0.1","0.4.0.0","0.3.2.12","0.3.2.10","0.3.2.9","0.3.2.8","0.3.2.7","0.3.2.6","0.3.2.5","0.3.2.4","0.3.2.3","0.3.2.2","0.3.2.1","0.3.2.0","0.3.1.1","0.3.0.0","0.2.0.0","0.1.0.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-3433.json"}}],"schema_version":"1.7.5"}