[Json-smart](https://netplex.github.io/json-smart/) is a performance focused, JSON processor lib.
When reaching a ‘[‘ or ‘{‘ character in the JSON input, the code parses an array or an object respectively.
It was discovered that the code does not have any limit to the nesting of such arrays or objects. Since the parsing of nested arrays and objects is done recursively, nesting too many of them can cause a stack exhaustion (stack overflow) and crash the software.
References
Link | Resource |
---|---|
https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/ | Exploit Third Party Advisory |
Configurations
History
01 Apr 2024, 15:45
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:json-smart_project:json-smart:*:*:*:*:*:*:*:* |
07 Nov 2023, 04:03
Type | Values Removed | Values Added |
---|---|---|
Summary | [Json-smart](https://netplex.github.io/json-smart/) is a performance focused, JSON processor lib. When reaching a ‘[‘ or ‘{‘ character in the JSON input, the code parses an array or an object respectively. It was discovered that the code does not have any limit to the nesting of such arrays or objects. Since the parsing of nested arrays and objects is done recursively, nesting too many of them can cause a stack exhaustion (stack overflow) and crash the software. |
29 Mar 2023, 19:02
Type | Values Removed | Values Added |
---|---|---|
First Time |
Json-smart Project
Json-smart Project json-smart |
|
CPE | cpe:2.3:a:json-smart_project:json-smart:2.4.9:*:*:*:*:*:*:* | |
CWE | CWE-674 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
References | (MISC) https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/ - Exploit, Third Party Advisory |
22 Mar 2023, 06:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-03-22 06:15
Updated : 2024-04-01 15:45
NVD link : CVE-2023-1370
Mitre link : CVE-2023-1370
CVE.ORG link : CVE-2023-1370
JSON object : View
Products Affected
json-smart_project
- json-smart
CWE
CWE-674
Uncontrolled Recursion