Vulnerability Details CVE-2023-31441
In NATO Communications and Information Agency anet (aka Advisor Network) through 3.3.0, an attacker can provide a crafted JSON file to sanitizeJson and cause an exception. This is related to the U+FFFD Unicode replacement character. A for loop does not consider that a data structure is being modified during loop execution.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 6.2%
CVSS Severity
CVSS v3 Score 5.5
References
- https://github.com/NCI-Agency/anet/blob/0662b99dfdec1ce07439eb7bed02d90320acc721/src/main/java/mil/dds/anet/utils/Utils.java
- https://github.com/NCI-Agency/anet/issues/4408
- https://github.com/NCI-Agency/anet/blob/0662b99dfdec1ce07439eb7bed02d90320acc721/src/main/java/mil/dds/anet/utils/Utils.java
- https://github.com/NCI-Agency/anet/issues/4408
Products affected by CVE-2023-31441
-
cpe:2.3:a:ncia:advisor_network:-
-
cpe:2.3:a:ncia:advisor_network:0.0.14
-
cpe:2.3:a:ncia:advisor_network:2.0.0
-
cpe:2.3:a:ncia:advisor_network:2.0.1
-
cpe:2.3:a:ncia:advisor_network:2.0.10
-
cpe:2.3:a:ncia:advisor_network:2.0.11
-
cpe:2.3:a:ncia:advisor_network:2.0.12
-
cpe:2.3:a:ncia:advisor_network:2.0.13
-
cpe:2.3:a:ncia:advisor_network:2.0.14
-
cpe:2.3:a:ncia:advisor_network:2.0.15
-
cpe:2.3:a:ncia:advisor_network:2.0.16
-
cpe:2.3:a:ncia:advisor_network:2.0.17
-
cpe:2.3:a:ncia:advisor_network:2.0.18
-
cpe:2.3:a:ncia:advisor_network:2.0.18.1
-
cpe:2.3:a:ncia:advisor_network:2.0.19
-
cpe:2.3:a:ncia:advisor_network:2.0.2
-
cpe:2.3:a:ncia:advisor_network:2.0.20
-
cpe:2.3:a:ncia:advisor_network:2.0.20.1
-
cpe:2.3:a:ncia:advisor_network:2.0.21
-
cpe:2.3:a:ncia:advisor_network:2.0.22
-
cpe:2.3:a:ncia:advisor_network:2.0.22.1
-
cpe:2.3:a:ncia:advisor_network:2.0.23
-
cpe:2.3:a:ncia:advisor_network:2.0.24
-
cpe:2.3:a:ncia:advisor_network:2.0.25
-
cpe:2.3:a:ncia:advisor_network:2.0.26
-
cpe:2.3:a:ncia:advisor_network:2.0.27
-
cpe:2.3:a:ncia:advisor_network:2.0.28
-
cpe:2.3:a:ncia:advisor_network:2.0.29
-
cpe:2.3:a:ncia:advisor_network:2.0.3
-
cpe:2.3:a:ncia:advisor_network:2.0.30
-
cpe:2.3:a:ncia:advisor_network:2.0.31
-
cpe:2.3:a:ncia:advisor_network:2.0.32
-
cpe:2.3:a:ncia:advisor_network:2.0.33
-
cpe:2.3:a:ncia:advisor_network:2.0.34
-
cpe:2.3:a:ncia:advisor_network:2.0.35
-
cpe:2.3:a:ncia:advisor_network:2.0.36
-
cpe:2.3:a:ncia:advisor_network:2.0.37
-
cpe:2.3:a:ncia:advisor_network:2.0.38
-
cpe:2.3:a:ncia:advisor_network:2.0.39
-
cpe:2.3:a:ncia:advisor_network:2.0.4
-
cpe:2.3:a:ncia:advisor_network:2.0.40
-
cpe:2.3:a:ncia:advisor_network:2.0.41
-
cpe:2.3:a:ncia:advisor_network:2.0.42
-
cpe:2.3:a:ncia:advisor_network:2.0.43
-
cpe:2.3:a:ncia:advisor_network:2.0.44
-
cpe:2.3:a:ncia:advisor_network:2.0.45
-
cpe:2.3:a:ncia:advisor_network:2.0.46
-
cpe:2.3:a:ncia:advisor_network:2.0.47
-
cpe:2.3:a:ncia:advisor_network:2.0.48
-
cpe:2.3:a:ncia:advisor_network:2.0.49
-
cpe:2.3:a:ncia:advisor_network:2.0.5
-
cpe:2.3:a:ncia:advisor_network:2.0.50
-
cpe:2.3:a:ncia:advisor_network:2.0.51
-
cpe:2.3:a:ncia:advisor_network:2.0.6
-
cpe:2.3:a:ncia:advisor_network:2.0.7
-
cpe:2.3:a:ncia:advisor_network:2.0.8
-
cpe:2.3:a:ncia:advisor_network:2.0.9
-
cpe:2.3:a:ncia:advisor_network:2.1.1
-
cpe:2.3:a:ncia:advisor_network:2.1.10
-
cpe:2.3:a:ncia:advisor_network:2.1.11
-
cpe:2.3:a:ncia:advisor_network:2.1.12
-
cpe:2.3:a:ncia:advisor_network:2.1.13
-
cpe:2.3:a:ncia:advisor_network:2.1.14
-
cpe:2.3:a:ncia:advisor_network:2.1.15
-
cpe:2.3:a:ncia:advisor_network:2.1.16
-
cpe:2.3:a:ncia:advisor_network:2.1.17
-
cpe:2.3:a:ncia:advisor_network:2.1.18
-
cpe:2.3:a:ncia:advisor_network:2.1.19
-
cpe:2.3:a:ncia:advisor_network:2.1.2
-
cpe:2.3:a:ncia:advisor_network:2.1.20
-
cpe:2.3:a:ncia:advisor_network:2.1.22
-
cpe:2.3:a:ncia:advisor_network:2.1.23
-
cpe:2.3:a:ncia:advisor_network:2.1.24
-
cpe:2.3:a:ncia:advisor_network:2.1.25
-
cpe:2.3:a:ncia:advisor_network:2.1.26
-
cpe:2.3:a:ncia:advisor_network:2.1.27
-
cpe:2.3:a:ncia:advisor_network:2.1.28
-
cpe:2.3:a:ncia:advisor_network:2.1.29
-
cpe:2.3:a:ncia:advisor_network:2.1.3
-
cpe:2.3:a:ncia:advisor_network:2.1.30
-
cpe:2.3:a:ncia:advisor_network:2.1.31
-
cpe:2.3:a:ncia:advisor_network:2.1.32
-
cpe:2.3:a:ncia:advisor_network:2.1.33
-
cpe:2.3:a:ncia:advisor_network:2.1.34
-
cpe:2.3:a:ncia:advisor_network:2.1.35
-
cpe:2.3:a:ncia:advisor_network:2.1.36
-
cpe:2.3:a:ncia:advisor_network:2.1.37
-
cpe:2.3:a:ncia:advisor_network:2.1.38
-
cpe:2.3:a:ncia:advisor_network:2.1.39
-
cpe:2.3:a:ncia:advisor_network:2.1.4
-
cpe:2.3:a:ncia:advisor_network:2.1.40
-
cpe:2.3:a:ncia:advisor_network:2.1.41
-
cpe:2.3:a:ncia:advisor_network:2.1.42
-
cpe:2.3:a:ncia:advisor_network:2.1.43
-
cpe:2.3:a:ncia:advisor_network:2.1.44
-
cpe:2.3:a:ncia:advisor_network:2.1.45
-
cpe:2.3:a:ncia:advisor_network:2.1.46
-
cpe:2.3:a:ncia:advisor_network:2.1.47
-
cpe:2.3:a:ncia:advisor_network:2.1.48
-
cpe:2.3:a:ncia:advisor_network:2.1.49
-
cpe:2.3:a:ncia:advisor_network:2.1.5
-
cpe:2.3:a:ncia:advisor_network:2.1.50
-
cpe:2.3:a:ncia:advisor_network:2.1.51
-
cpe:2.3:a:ncia:advisor_network:2.1.52
-
cpe:2.3:a:ncia:advisor_network:2.1.53
-
cpe:2.3:a:ncia:advisor_network:2.1.54
-
cpe:2.3:a:ncia:advisor_network:2.1.6
-
cpe:2.3:a:ncia:advisor_network:2.1.7
-
cpe:2.3:a:ncia:advisor_network:2.1.8
-
cpe:2.3:a:ncia:advisor_network:2.1.9
-
cpe:2.3:a:ncia:advisor_network:2.2.0
-
cpe:2.3:a:ncia:advisor_network:2.2.1
-
cpe:2.3:a:ncia:advisor_network:2.2.2
-
cpe:2.3:a:ncia:advisor_network:2.2.49
-
cpe:2.3:a:ncia:advisor_network:2.2.50
-
cpe:2.3:a:ncia:advisor_network:2.2.51
-
cpe:2.3:a:ncia:advisor_network:2.2.52
-
cpe:2.3:a:ncia:advisor_network:3.0.53
-
cpe:2.3:a:ncia:advisor_network:3.0.54
-
cpe:2.3:a:ncia:advisor_network:3.1.0
-
cpe:2.3:a:ncia:advisor_network:3.1.1
-
cpe:2.3:a:ncia:advisor_network:3.1.2
-
cpe:2.3:a:ncia:advisor_network:3.2.0
-
cpe:2.3:a:ncia:advisor_network:3.2.1
-
cpe:2.3:a:ncia:advisor_network:3.3.0