CVE-2025-11230
HAProxy (bundled mjson JSON parser) · Multiple Products
A high-severity vulnerability has been identified in multiple products that embed HAProxy and its bundled mjson JSON parsing library. A remote, unauthenticated attacker could exploit it to cause a denial of service.
Executive summary
The flaw is an algorithmic-complexity weakness in the mjson library that HAProxy uses to parse JSON. A specially crafted JSON request drives the parser into its worst case, consuming excessive CPU and making the affected service unavailable to legitimate users. The attack is remote and requires no authentication. Organizations are urged to apply vendor-supplied patches immediately to mitigate the risk of service disruption.
Vulnerability
The vulnerability exists in the mjson JSON parsing library bundled with HAProxy, which is itself a component of the affected products. The parser's algorithmic complexity is such that certain specially crafted JSON inputs cause disproportionately high CPU consumption. An unauthenticated, remote attacker can exploit this by sending a JSON payload shaped to trigger the parser's worst-case behaviour, for example one with very deep nesting or a very large number of keys. A single such request ties up significant CPU for an extended period, starving legitimate traffic and producing a Denial of Service (DoS) condition. Exposure depends on whether the deployed configuration actually passes attacker-controlled content through HAProxy's JSON parsing features; check the vendor advisory for the affected features and versions before treating a system as out of scope.
Business impact
This vulnerability is rated High severity with a CVSS score of 7.5. Successful exploitation can take down applications and systems that rely on the affected products. The primary business impact is operational disruption: downtime-related financial loss, reputational damage, and potential breach of Service Level Agreements (SLAs). Because the attack is remote and needs no authentication, public-facing services are at particular risk, including customer-facing portals, APIs, and other critical business functions. The cost asymmetry favours the attacker: one cheap request can occupy a server for a long time, so the attack does not depend on high bandwidth or a large botnet.
Remediation
Immediate Action: The primary remediation is to apply the security updates provided by the vendor to all affected systems as soon as possible, after testing the patches in a staging environment for compatibility and stability. In parallel, security teams should look for signs of exploitation in application and proxy access logs, concentrating on request size, processing time and per-source request volume, since access logs normally do not record the request body itself.
Proactive Monitoring: Implement enhanced monitoring focused on detecting potential exploitation attempts. This includes:
- Log Analysis: Look for inbound requests with unusually large or deeply nested JSON payloads. Because access logs typically record request size and timing rather than body content, make sure the log format captures request body size and total processing time, and alert on a high volume of requests from a single source IP targeting JSON-based endpoints.
- Performance Monitoring: Alert on sustained high CPU utilization on servers running the affected software. CPU saturation that is not matched by a proportionate rise in request volume is the strongest indicator of this attack, since each malicious request is cheap to send but expensive to parse.
- Traffic Analysis: Monitor for requests whose processing time is abnormally long relative to the endpoint's baseline, and for bursts of such requests from a small number of sources.
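The three indicators above, run over constructed sample log lines as an added example (this is not vendor or HAProxy code). The lines follow an assumed custom log-format carrying timestamp, client IP, method, path, status, request body size and total handling time; the thresholds and the /api/ path prefix are assumptions for the example and should be replaced by values derived from a baseline of normal traffic.

```python
"""Detection of the DoS pattern over proxy access logs.

Added example for this advisory; it is not vendor or HAProxy code. The log
lines below are constructed for the example and use an assumed custom
log-format with the fields
    <timestamp> <client_ip> <method> <path> <status> <request_bytes> <total_ms>
Adapt LINE_RE and parse_line() to the layout your proxy actually emits;
what matters is that the log carries request body size and total handling
time, because a default access log does not record request bodies.
"""
import re
from collections import Counter

# Constructed sample: one client (203.0.113.7) repeatedly sends ~64 KiB JSON
# bodies that take seconds to handle, until the backend starts returning 503.
SAMPLE_LOG = """\
2025-10-10T12:00:00Z 198.51.100.4 POST /api/v1/search 200 812 14
2025-10-10T12:00:01Z 203.0.113.7 POST /api/v1/search 200 65240 9870
2025-10-10T12:00:01Z 203.0.113.7 POST /api/v1/search 200 65300 10210
2025-10-10T12:00:02Z 203.0.113.7 POST /api/v1/search 503 65300 30000
2025-10-10T12:00:02Z 198.51.100.9 GET /healthz 200 0 1
2025-10-10T12:00:03Z 203.0.113.7 POST /api/v1/search 503 65280 30000
2025-10-10T12:00:03Z 198.51.100.4 POST /api/v1/orders 201 1450 22
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<ip>\S+) (?P<method>[A-Z]+) (?P<path>\S+) "
    r"(?P<status>\d{3}) (?P<req_bytes>\d+) (?P<total_ms>\d+)$"
)

# Assumed thresholds for the example; derive real ones from a baseline of
# normal traffic per endpoint rather than copying these numbers.
LARGE_BODY_BYTES = 32 * 1024
SLOW_REQUEST_MS = 5000
BURST_PER_MINUTE = 3
JSON_PATH_PREFIXES = ("/api/",)


def parse_line(line):
    """Parse one log line into a dict, or return None for unparseable lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    for field in ("status", "req_bytes", "total_ms"):
        rec[field] = int(rec[field])
    return rec


def analyse(log_text):
    """Apply the three indicators from the advisory and return alerts.

    Returns (alerts, per_minute): alerts is a list of
    (indicator, client_ip, path_or_minute, value) tuples and per_minute
    counts requests to JSON endpoints keyed by (minute, client_ip).
    """
    alerts = []
    per_minute = Counter()
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None or not rec["path"].startswith(JSON_PATH_PREFIXES):
            continue
        minute = rec["ts"][:16]                     # e.g. "2025-10-10T12:00"
        per_minute[(minute, rec["ip"])] += 1
        if rec["req_bytes"] >= LARGE_BODY_BYTES:    # unusually large JSON payload
            alerts.append(("large_json_body", rec["ip"], rec["path"], rec["req_bytes"]))
        if rec["total_ms"] >= SLOW_REQUEST_MS:      # abnormally long processing time
            alerts.append(("slow_request", rec["ip"], rec["path"], rec["total_ms"]))
    for (minute, ip), n in per_minute.items():      # high volume from a single source
        if n >= BURST_PER_MINUTE:
            alerts.append(("burst_from_ip", ip, minute, n))
    return alerts, per_minute


if __name__ == "__main__":
    found, _ = analyse(SAMPLE_LOG)
    for indicator, ip, where, value in found:
        print(f"{indicator:16} {ip:14} {where:20} {value}")
```

Each indicator fires on its own, which is deliberate: a large body alone is common, and a slow request alone has many causes, but the same source producing both at volume is the pattern this advisory describes. In production the per-minute counter would be kept in whatever the SIEM or log pipeline provides for windowed aggregation rather than an in-memory Counter.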
Compensating Controls: If immediate patching is not feasible, implement the following compensating controls to reduce the risk of exploitation:
- Web Application Firewall (WAF): Configure the WAF to inspect and block requests containing overly complex JSON structures, with rules that limit JSON nesting depth, payload size, and the number of keys per object. Make sure the WAF's own JSON inspection is bounded (a size check first, then a linear-time structural scan rather than a full recursive parse), otherwise the WAF simply becomes the component that the crafted payload exhausts.
- Rate Limiting: Apply strict rate-limiting on public-facing API endpoints and services to slow down and mitigate the impact of automated DoS attacks.
- Input Validation: Use an API gateway or reverse proxy to enforce strict schema validation on all incoming JSON requests before they reach the vulnerable backend. Apply the size and nesting limits before schema validation, so that the validator never has to parse an unbounded document.
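The structural limits that the WAF and input-validation controls above call for, implemented as an added example (not HAProxy, mjson or vendor code). The guard checks size first and then walks the body once, counting nesting depth and keys per object without building a tree or recursing, so the guard itself cannot be driven into super-linear work by the payload it screens. The limit values and the Verdict type are assumptions for the example.

```python
"""Structural limits for JSON request bodies, enforced before any real parser runs.

Added example for this advisory; it is not HAProxy, mjson or vendor code.
A single linear pass tracks nesting depth and keys per object, so the
guard's cost is O(len(body)) regardless of how the payload is shaped.
The limits are assumed values; tune them to what the protected API needs.
"""
from dataclasses import dataclass

MAX_BYTES = 64 * 1024       # assumed: largest acceptable request body
MAX_DEPTH = 20              # assumed: deepest acceptable nesting
MAX_KEYS_PER_OBJECT = 256   # assumed: most key/value pairs in one object


@dataclass(frozen=True)
class Verdict:
    allowed: bool
    reason: str
    max_depth: int = 0      # deepest nesting seen before the decision
    max_keys: int = 0       # most keys seen in a single object


def check_json_limits(body: bytes,
                      max_bytes: int = MAX_BYTES,
                      max_depth: int = MAX_DEPTH,
                      max_keys: int = MAX_KEYS_PER_OBJECT) -> Verdict:
    """Reject bodies that exceed size, depth or per-object key limits.

    Cheapest check first: the size test is O(1) and bounds the work of
    everything that follows. The scan understands JSON string syntax, so
    brackets and colons inside string literals are not miscounted.
    """
    if len(body) > max_bytes:
        return Verdict(False, f"payload of {len(body)} bytes exceeds {max_bytes}")

    stack = []           # open containers, each '{' or '['
    key_counts = []      # one counter per open object
    deepest = 0
    most_keys = 0
    in_string = False
    escaped = False

    for ch in body.decode("utf-8", errors="replace"):
        if in_string:
            if escaped:
                escaped = False
            elif ch == "\\":
                escaped = True
            elif ch == '"':
                in_string = False
            continue
        if ch == '"':
            in_string = True
        elif ch in "{[":
            stack.append(ch)
            deepest = max(deepest, len(stack))
            if len(stack) > max_depth:
                return Verdict(False, f"nesting depth exceeds {max_depth}", deepest, most_keys)
            if ch == "{":
                key_counts.append(0)
        elif ch in "}]":
            if not stack or stack[-1] != ("{" if ch == "}" else "["):
                return Verdict(False, "unbalanced or mismatched bracket", deepest, most_keys)
            if stack.pop() == "{":
                key_counts.pop()
        elif ch == ":" and stack and stack[-1] == "{":
            key_counts[-1] += 1
            most_keys = max(most_keys, key_counts[-1])
            if key_counts[-1] > max_keys:
                return Verdict(False, f"object has more than {max_keys} keys", deepest, most_keys)

    if in_string or stack:
        return Verdict(False, "truncated or unbalanced JSON", deepest, most_keys)
    return Verdict(True, "ok", deepest, most_keys)


if __name__ == "__main__":
    # Constructed payloads: one benign, one deeply nested, one key-heavy.
    samples = {
        "benign": b'{"user": "alice", "tags": ["a", "b"], "meta": {"n": 1}}',
        "deep": b"[" * 100 + b"]" * 100,
        "wide": b"{" + b",".join(b'"k%d":0' % i for i in range(1000)) + b"}",
    }
    for name, payload in samples.items():
        v = check_json_limits(payload)
        print(f"{name:7} allowed={v.allowed} depth={v.max_depth} keys={v.max_keys} ({v.reason})")
```

The guard is a gate, not a validator: a body it accepts is within the configured bounds but may still be invalid JSON, so the schema validator or application parser still runs afterwards, now on a document whose size and shape are bounded. Placing this in the gateway or proxy layer, before the request is forwarded, keeps the vulnerable backend from ever seeing the worst-case input.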
Exploitation status
Public Exploit Available: false
Analyst recommendation
Given the High severity (CVSS 7.5) of this remote, unauthenticated Denial of Service vulnerability, we recommend that organizations prioritize the immediate application of vendor-supplied security patches. Although this CVE is not currently listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, its potential to cause significant operational disruption to public-facing services warrants urgent action. If patching must be delayed, compensating controls, particularly bounded JSON inspection rules and rate limiting at the edge, are critical to protect against potential attacks and ensure business continuity.