Home > Vulnerability Database > CVE-2023-1370

Mend.io Vulnerability Database

CVE-2023-1370

Good to know:

Date: March 22, 2023

[Json-smart](https://netplex.github.io/json-smart/) is a performance focused, JSON processor lib. When reaching a ‘[‘ or ‘{‘ character in the JSON input, the code parses an array or an object respectively. It was discovered that the code does not have any limit to the nesting of such arrays or objects. Since the parsing of nested arrays and objects is done recursively, nesting too many of them can cause a stack exhaustion (stack overflow) and crash the software.

Language: Java

Severity Score

7.5

Related Resources (3)

Url: https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-1370

Url: https://www.mend.io/vulnerability-database/CVE-2023-1370

Severity Score

7.5

Weakness Type (CWE)

Uncontrolled Recursion

CWE-674

Top Fix

Upgrade Version

Upgrade to version net.minidev:json-smart:2.4.9

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-1370

Good to know:

Date: March 22, 2023

Language: Java

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?