CVE-2023-1370

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-1370
[Json-smart](https://netplex.github.io/json-smart/) is a performance focused, JSON processor lib. When reaching a ‘[‘ or ‘{‘ character in the JSON input, the code parses an array or an object respectively. It was discovered that the code does not have any limit to the nesting of such arrays or objects. Since the parsing of nested arrays and objects is done recursively, nesting too many of them can cause a stack exhaustion (stack overflow) and crash the software.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/ Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:json-smart_project:json-smart:*:*:*:*:*:*:*:*
History

01 Apr 2024, 15:45

Type Values Removed Values Added
CPE cpe:2.3:a:json-smart_project:json-smart:2.4.9:*:*:*:*:*:*:* cpe:2.3:a:json-smart_project:json-smart:*:*:*:*:*:*:*:*

07 Nov 2023, 04:03

Type Values Removed Values Added
Summary [Json-smart](https://netplex.github.io/json-smart/) is a performance focused, JSON processor lib. When reaching a ‘[‘ or ‘{‘ character in the JSON input, the code parses an array or an object respectively. It was discovered that the code does not have any limit to the nesting of such arrays or objects. Since the parsing of nested arrays and objects is done recursively, nesting too many of them can cause a stack exhaustion (stack overflow) and crash the software. [Json-smart](https://netplex.github.io/json-smart/) is a performance focused, JSON processor lib. When reaching a ‘[‘ or ‘{‘ character in the JSON input, the code parses an array or an object respectively. It was discovered that the code does not have any limit to the nesting of such arrays or objects. Since the parsing of nested arrays and objects is done recursively, nesting too many of them can cause a stack exhaustion (stack overflow) and crash the software.

29 Mar 2023, 19:02

Type Values Removed Values Added
First Time Json-smart Project
Json-smart Project json-smart
CPE cpe:2.3:a:json-smart_project:json-smart:2.4.9:*:*:*:*:*:*:*
CWE CWE-674
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.5
References (MISC) https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/ - (MISC) https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/ - Exploit, Third Party Advisory

22 Mar 2023, 06:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-03-22 06:15

Updated : 2024-04-01 15:45

NVD link : CVE-2023-1370

Mitre link : CVE-2023-1370

CVE.ORG link : CVE-2023-1370

JSON object : View

Products Affected

json-smart_project

  • json-smart
CWE
CWE-674

Uncontrolled Recursion