Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2023-1370

Опубликовано: 22 мар. 2023
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS3: 7.5

Описание

Json-smart is a performance focused, JSON processor lib. When reaching a ‘[‘ or ‘{‘ character in the JSON input, the code parses an array or an object respectively. It was discovered that the code does not have any limit to the nesting of such arrays or objects. Since the parsing of nested arrays and objects is done recursively, nesting too many of them can cause a stack exhaustion (stack overflow) and crash the software.

РелизСтатусПримечание
bionic

released

2.2-2ubuntu0.18.04.1
devel

released

2.2-2ubuntu1
esm-apps/bionic

released

2.2-2ubuntu0.18.04.1
esm-apps/focal

released

2.2-2ubuntu0.20.04.1
esm-apps/jammy

released

2.2-2ubuntu0.22.04.1
focal

released

2.2-2ubuntu0.20.04.1
jammy

released

2.2-2ubuntu0.22.04.1
kinetic

released

2.2-2ubuntu0.22.10.1
lunar

released

2.2-2ubuntu1
trusty

ignored

end of standard support

Показывать по

Ссылки на источники

EPSS

Процентиль: 2%
0.00014
Низкий

7.5 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2023-1370

CVSS3: 7.5
redhat
почти 3 года назад

[Json-smart](https://netplex.github.io/json-smart/) is a performance focused, JSON processor lib. When reaching a ‘[‘ or ‘{‘ character in the JSON input, the code parses an array or an object respectively. It was discovered that the code does not have any limit to the nesting of such arrays or objects. Since the parsing of nested arrays and objects is done recursively, nesting too many of them can cause a stack exhaustion (stack overflow) and crash the software.

nvd логотип

CVE-2023-1370

CVSS3: 7.5
nvd
почти 3 года назад

[Json-smart](https://netplex.github.io/json-smart/) is a performance focused, JSON processor lib. When reaching a ‘[‘ or ‘{‘ character in the JSON input, the code parses an array or an object respectively. It was discovered that the code does not have any limit to the nesting of such arrays or objects. Since the parsing of nested arrays and objects is done recursively, nesting too many of them can cause a stack exhaustion (stack overflow) and crash the software.

debian логотип

CVE-2023-1370

CVSS3: 7.5
debian
почти 3 года назад

[Json-smart](https://netplex.github.io/json-smart/) is a performance f ...

github логотип

GHSA-493p-pfq6-5258

CVSS3: 7.5
github
почти 3 года назад

json-smart Uncontrolled Recursion vulnerability

fstec логотип

BDU:2023-05397

CVSS3: 7.5
fstec
почти 3 года назад

Уязвимость библиотеки обработки JSON-данных Json-smart, связанная с неконтролируемой рекурсией, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 2%
0.00014
Низкий

7.5 High

CVSS3