CVE-2023-5072

Published: 12 Oct 2023
Source: debian
EPSS: Low

Description

Denial of Service in JSON-Java versions up to and including 20230618.  A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.

Packages

| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| libjson-java | fixed | 3.1.0+dfsg-1 | | package |
| libjson-java | no-dsa | | bookworm | package |
| libjson-java | no-dsa | | bullseye | package |
| libjson-java | no-dsa | | buster | package |
| jenkins-json | unfixed | | | package |
| jenkins-json | postponed | | trixie | package |
| jenkins-json | postponed | | bookworm | package |
| jenkins-json | no-dsa | | bullseye | package |
| jenkins-json | no-dsa | | buster | package |
| libjettison-java | unfixed | | | package |
| libjettison-java | postponed | | trixie | package |
| libjettison-java | postponed | | bookworm | package |
| libjettison-java | no-dsa | | bullseye | package |
| libjettison-java | no-dsa | | buster | package |

Notes

  • https://github.com/stleary/JSON-java/issues/758

  • https://github.com/stleary/JSON-java/issues/771

  • https://github.com/stleary/JSON-java/pull/772/

  • https://github.com/stleary/JSON-java/commit/dbb113176b143b519ad0a50b033a9997cc2248fe (20231013)

  • https://github.com/stleary/JSON-java/commit/16967f322ee65c301b48fa79bb681e38896fd212 (20231013)

  • https://github.com/stleary/JSON-java/commit/661114c50dcfd53bb041aab66f14bb91e0a87c8a (20231013)

  • https://github.com/kordamp/json-lib/issues/58

  • https://github.com/jettison-json/jettison/issues/86

EPSS

Percentile: 64%
0.00468
Low

Related vulnerabilities

CVSS3: 7.5
ubuntu
about 2 years ago

Denial of Service in JSON-Java versions up to and including 20230618.  A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.

CVSS3: 7.5
redhat
about 2 years ago

Denial of Service in JSON-Java versions up to and including 20230618.  A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.

CVSS3: 7.5
nvd
about 2 years ago

Denial of Service in JSON-Java versions up to and including 20230618.  A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.

CVSS3: 7.5
redos
more than 1 year ago

OpenSearch vulnerability

CVSS3: 7.5
github
about 2 years ago

Java: DoS Vulnerability in JSON-JAVA
