Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2023-1370
PUBLISHED
More InfoOfficial Page
Assigner-JFROG
Assigner Org ID-48a46f29-ae42-4e1d-90dd-c1676c1e5e6d
View Known Exploited Vulnerability (KEV) details
Published At-13 Mar, 2023 | 09:04
Updated At-27 Feb, 2025 | 19:09
Rejected At-
▼CVE Numbering Authority (CNA)
Stack exhaustion in json-smart leads to denial of service when parsing malformed JSON

[Json-smart](https://netplex.github.io/json-smart/) is a performance focused, JSON processor lib. When reaching a ‘[‘ or ‘{‘ character in the JSON input, the code parses an array or an object respectively. It was discovered that the code does not have any limit to the nesting of such arrays or objects. Since the parsing of nested arrays and objects is done recursively, nesting too many of them can cause a stack exhaustion (stack overflow) and crash the software.

Affected Products
Vendor
json-smart
Product
json-smart
Collection URL
https://mvnrepository.com
Package Name
net.minidev:json-smart
Versions
Affected
  • From 0 before 2.4.9 (maven)
Problem Types
TypeCWE IDDescription
CWECWE-674CWE-674 Uncontrolled Recursion
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/
N/A
https://security.netapp.com/advisory/ntap-20240621-0006/
N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/
x_transferred
https://security.netapp.com/advisory/ntap-20240621-0006/
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found