Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2023-1370

Опубликовано: 22 мар. 2023
Источник: debian
EPSS Низкий

Описание

[Json-smart](https://netplex.github.io/json-smart/) is a performance focused, JSON processor lib. When reaching a ‘[‘ or ‘{‘ character in the JSON input, the code parses an array or an object respectively. It was discovered that the code does not have any limit to the nesting of such arrays or objects. Since the parsing of nested arrays and objects is done recursively, nesting too many of them can cause a stack exhaustion (stack overflow) and crash the software.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
json-smartfixed2.2-3package
json-smartfixed2.2-2+deb12u1bookwormpackage
json-smartfixed2.2-2+deb11u1bullseyepackage

Примечания

  • https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/

  • Fixed by: https://github.com/netplex/json-smart-v2/commit/5b3205d051952d3100aa0db1535f6ba6226bd87a (2.4.9)

  • Fixed by: https://github.com/netplex/json-smart-v2/commit/e2791ae506a57491bc856b439d706c81e45adcf8 (2.4.10)

EPSS

Процентиль: 2%
0.00014
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2023-1370

CVSS3: 7.5
ubuntu
почти 3 года назад

[Json-smart](https://netplex.github.io/json-smart/) is a performance focused, JSON processor lib. When reaching a ‘[‘ or ‘{‘ character in the JSON input, the code parses an array or an object respectively. It was discovered that the code does not have any limit to the nesting of such arrays or objects. Since the parsing of nested arrays and objects is done recursively, nesting too many of them can cause a stack exhaustion (stack overflow) and crash the software.

redhat логотип

CVE-2023-1370

CVSS3: 7.5
redhat
почти 3 года назад

[Json-smart](https://netplex.github.io/json-smart/) is a performance focused, JSON processor lib. When reaching a ‘[‘ or ‘{‘ character in the JSON input, the code parses an array or an object respectively. It was discovered that the code does not have any limit to the nesting of such arrays or objects. Since the parsing of nested arrays and objects is done recursively, nesting too many of them can cause a stack exhaustion (stack overflow) and crash the software.

nvd логотип

CVE-2023-1370

CVSS3: 7.5
nvd
почти 3 года назад

[Json-smart](https://netplex.github.io/json-smart/) is a performance focused, JSON processor lib. When reaching a ‘[‘ or ‘{‘ character in the JSON input, the code parses an array or an object respectively. It was discovered that the code does not have any limit to the nesting of such arrays or objects. Since the parsing of nested arrays and objects is done recursively, nesting too many of them can cause a stack exhaustion (stack overflow) and crash the software.

github логотип

GHSA-493p-pfq6-5258

CVSS3: 7.5
github
почти 3 года назад

json-smart Uncontrolled Recursion vulnerability

fstec логотип

BDU:2023-05397

CVSS3: 7.5
fstec
почти 3 года назад

Уязвимость библиотеки обработки JSON-данных Json-smart, связанная с неконтролируемой рекурсией, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 2%
0.00014
Низкий