CVE-2023-3040
Published: 14 June 2023
Summary
CVE-2023-3040 is a low-severity Out-of-bounds Read (CWE-125) vulnerability in Cloudflare Lua-Resty-Json. Its CVSS base score is 3.7 (Low).
Operationally, it ranks at the 31.8th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-43732
Vulnerability details
A debug function in the lua-resty-json package, up to commit id 3ef9492bd3a44d9e51301d6adc3cd1789c8f534a (merged in PR #14) contained an out of bounds access bug that could have allowed an attacker to launch a DoS if the function was used to parse untrusted input data. It is important to note that because this debug function was only used in tests and demos, it was not exploitable in a normal environment.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.