Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-30421

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-19 Apr, 2025 | 00:00
Updated At-21 Apr, 2025 | 14:22
Rejected At-
Credits

mystrtod in mjson 1.2.7 requires more than a billion iterations during processing of certain digit strings such as 8891110122900e913013935755114.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:19 Apr, 2025 | 00:00
Updated At:21 Apr, 2025 | 14:22
Rejected At:
▼CVE Numbering Authority (CNA)

mystrtod in mjson 1.2.7 requires more than a billion iterations during processing of certain digit strings such as 8891110122900e913013935755114.

Affected Products
Vendor
mjson project
Product
mjson
Default Status
unknown
Versions
Affected
  • 1.2.7 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-407CWE-407 Inefficient Algorithmic Complexity
Type: CWE
CWE ID: CWE-407
Description: CWE-407 Inefficient Algorithmic Complexity
Metrics
VersionBase scoreBase severityVector
3.12.9LOW
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Version: 3.1
Base score: 2.9
Base severity: LOW
Vector:
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/boofish/json_bugs/blob/main/mjson
N/A
https://github.com/cesanta/mjson/releases
N/A
Hyperlink: https://github.com/boofish/json_bugs/blob/main/mjson
Resource: N/A
Hyperlink: https://github.com/cesanta/mjson/releases
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:19 Apr, 2025 | 22:15
Updated At:15 Apr, 2026 | 00:35

mystrtod in mjson 1.2.7 requires more than a billion iterations during processing of certain digit strings such as 8891110122900e913013935755114.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.12.9LOW
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Type: Secondary
Version: 3.1
Base score: 2.9
Base severity: LOW
Vector:
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
CPE Matches

Weaknesses
CWE IDTypeSource
CWE-407Secondarycve@mitre.org
CWE ID: CWE-407
Type: Secondary
Source: cve@mitre.org
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/boofish/json_bugs/blob/main/mjsoncve@mitre.org
N/A
https://github.com/cesanta/mjson/releasescve@mitre.org
N/A
Hyperlink: https://github.com/boofish/json_bugs/blob/main/mjson
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://github.com/cesanta/mjson/releases
Source: cve@mitre.org
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

2Records found

CVE-2026-45186
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-2.9||LOW
EPSS-0.43% / 34.41%
||
7 Day CHG+0.12%
Published-10 May, 2026 | 06:36
Updated-30 Jun, 2026 | 12:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input.

Action-Not Available
Vendor-libexpat_projectlibexpat projectRed Hat, Inc.
Product-libexpatlibexpatRed Hat Enterprise Linux BaseOS (v. 10)Red Hat Enterprise Linux BaseOS (v. 8)Red Hat Update Infrastructure 5Red Hat Enterprise Linux BaseOS (v. 9)Red Hat Discovery 2Red Hat Enterprise Linux 7Red Hat JBoss Core Services 2.4.62.SP4Red Hat Enterprise Linux 8Red Hat Enterprise Linux AppStream (v. 9)Red Hat Enterprise Linux 6Red Hat Enterprise Linux AppStream (v. 10)
CWE ID-CWE-407
Inefficient Algorithmic Complexity
CVE-2025-66382
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-2.9||LOW
EPSS-0.18% / 8.10%
||
7 Day CHG~0.00%
Published-28 Nov, 2025 | 00:00
Updated-02 Jun, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.

Action-Not Available
Vendor-libexpat_projectlibexpat projectSiemens AG
Product-libexpatlibexpatSIMATIC S7-1500 CPU 1518F-4 PN/DP MFPSIMATIC S7-1500 CPU 1518-4 PN/DP MFPRUGGEDCOM RST2428PSIPLUS S7-1500 CPU 1518-4 PN/DP MFP
CWE ID-CWE-407
Inefficient Algorithmic Complexity
Details not found