Vulnerability DatabaseCVE-2026-32285
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2026-32285
March 26, 2026
The Delete function fails to properly validate offsets when processing malformed JSON input. This can lead to a negative slice index and a runtime panic, allowing a denial of service attack.
Affected Packages
github.com/buger/jsonparser (GO):
Affected version(s) >=v1.0.0 <v1.1.2
Fix Suggestion:
Update to version v1.1.2
github.com/buger/jsonparser (GO):
Affected version(s) >=v1.0.0 <v1.1.2
Fix Suggestion:
Update to version v1.1.2
github.com/buger/jsonparser (GO):
Affected version(s) >=v1.0.0 <v1.1.2
Fix Suggestion:
Update to version v1.1.2
github.com/buger/jsonparser (GO):
Affected version(s) >=v1.0.0 <v1.1.2
Fix Suggestion:
Update to version v1.1.2
github.com/buger/jsonparser (GO):
Affected version(s) >=v1.0.0 <v1.1.2
Fix Suggestion:
Update to version v1.1.2
github.com/buger/jsonparser (GO):
Affected version(s) >=v1.0.0 <v1.1.2
Fix Suggestion:
Update to version v1.1.2
Related ResourcesĀ (10)
https://nvd.nist.gov/vuln/detail/CVE-2026-32285
https://github.com/buger/jsonparser/issues/275
https://github.com/buger/jsonparser/pull/276
https://pkg.go.dev/vuln/GO-2026-4514
https://securityinfinity.com/research/buger-jsonparser-negative-slice-panic-dos-2026
https://github.com/buger/jsonparser
https://github.com/buger/jsonparser/releases/tag/v1.1.2
https://cyber.securityinfinity.com/buger-jsonparser-negative-slice-panic-dos-2026
https://github.com/golang/vulndb/issues/4514
https://github.com/buger/jsonparser/commit/a69e7e01cd4ad67bdfd3ac2c080b9212af16f4b0
Do you need more information?
Contact Us
CVSS v3
Base Score:
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH
Weakness Type (CWE)
Out-of-bounds Read
CWE-125
EPSS
Base Score:
0.02