Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-xur8-yfek-dkgd
Vulnerability ID VCID-xur8-yfek-dkgd
Aliases CVE-2020-10675
GHSA-rmh2-65xw-9m6q
Summary Infinite Loop in jsonparser The Library API in buger jsonparser through 2019-12-04 allows attackers to cause a denial of service (infinite loop) via a Delete call.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10675.json
epss 0.00275 https://api.first.org/data/v1/epss?cve=CVE-2020-10675
epss 0.00275 https://api.first.org/data/v1/epss?cve=CVE-2020-10675
epss 0.00275 https://api.first.org/data/v1/epss?cve=CVE-2020-10675
epss 0.00275 https://api.first.org/data/v1/epss?cve=CVE-2020-10675
epss 0.00275 https://api.first.org/data/v1/epss?cve=CVE-2020-10675
epss 0.00275 https://api.first.org/data/v1/epss?cve=CVE-2020-10675
epss 0.00275 https://api.first.org/data/v1/epss?cve=CVE-2020-10675
epss 0.00275 https://api.first.org/data/v1/epss?cve=CVE-2020-10675
epss 0.00275 https://api.first.org/data/v1/epss?cve=CVE-2020-10675
epss 0.00275 https://api.first.org/data/v1/epss?cve=CVE-2020-10675
epss 0.00275 https://api.first.org/data/v1/epss?cve=CVE-2020-10675
epss 0.00275 https://api.first.org/data/v1/epss?cve=CVE-2020-10675
epss 0.00275 https://api.first.org/data/v1/epss?cve=CVE-2020-10675
epss 0.00275 https://api.first.org/data/v1/epss?cve=CVE-2020-10675
epss 0.00275 https://api.first.org/data/v1/epss?cve=CVE-2020-10675
cvssv3.1 7.5 https://github.com/buger/jsonparser
generic_textual HIGH https://github.com/buger/jsonparser
cvssv3.1 7.5 https://github.com/buger/jsonparser/commit/91ac96899e492584984ded0c8f9a08f10b473717
generic_textual HIGH https://github.com/buger/jsonparser/commit/91ac96899e492584984ded0c8f9a08f10b473717
cvssv3.1 7.5 https://github.com/buger/jsonparser/issues/188
generic_textual HIGH https://github.com/buger/jsonparser/issues/188
cvssv3.1 7.5 https://github.com/buger/jsonparser/pull/192
generic_textual HIGH https://github.com/buger/jsonparser/pull/192
cvssv3.1 7.5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4C7PV6KEUUM76V4B2J5IFN2U6LEOWB67
generic_textual HIGH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4C7PV6KEUUM76V4B2J5IFN2U6LEOWB67
cvssv3.1 7.5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6KUHKDQSEYJNROA66OMN6AAQMGAAN6WI
generic_textual HIGH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6KUHKDQSEYJNROA66OMN6AAQMGAAN6WI
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2020-10675
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-10675
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2020-10675
cvssv3.1 7.5 https://pkg.go.dev/vuln/GO-2021-0089
generic_textual HIGH https://pkg.go.dev/vuln/GO-2021-0089
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10675.json
https://api.first.org/data/v1/epss?cve=CVE-2020-10675
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10675
https://github.com/buger/jsonparser
https://github.com/buger/jsonparser/commit/91ac96899e492584984ded0c8f9a08f10b473717
https://github.com/buger/jsonparser/issues/188
https://github.com/buger/jsonparser/pull/192
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4C7PV6KEUUM76V4B2J5IFN2U6LEOWB67/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6KUHKDQSEYJNROA66OMN6AAQMGAAN6WI/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4C7PV6KEUUM76V4B2J5IFN2U6LEOWB67
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6KUHKDQSEYJNROA66OMN6AAQMGAAN6WI
https://nvd.nist.gov/vuln/detail/CVE-2020-10675
https://pkg.go.dev/vuln/GO-2021-0089
1817733 https://bugzilla.redhat.com/show_bug.cgi?id=1817733
954373 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954373
cpe:2.3:a:jsonparser_project:jsonparser:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jsonparser_project:jsonparser:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10675.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/buger/jsonparser
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/buger/jsonparser/commit/91ac96899e492584984ded0c8f9a08f10b473717
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/buger/jsonparser/issues/188
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/buger/jsonparser/pull/192
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4C7PV6KEUUM76V4B2J5IFN2U6LEOWB67
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6KUHKDQSEYJNROA66OMN6AAQMGAAN6WI
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2020-10675
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2020-10675
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://pkg.go.dev/vuln/GO-2021-0089
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.50844
EPSS Score 0.00275
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:03:11.552048+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/05/GHSA-rmh2-65xw-9m6q/GHSA-rmh2-65xw-9m6q.json 38.0.0