DoS Vulnerability in JSON-Java
CVE-2023-5072

7.5HIGH

Key Information:

Vendor: Https://github.com/stleary/json-java
Status: Json-java
Vendor: CVE Published:; 12 October 2023

🔔 Create Https://github.com/stleary/json-java Vulnerability Alert

What is CVE-2023-5072?

The Denial of Service vulnerability in JSON-Java, present in versions up to and including 20230618, arises from a flaw in the parser. A crafted input string, though modest in size, can cause the application to consume an indefinite amount of memory, potentially resulting in degraded application performance or a complete service interruption. Affected users should take immediate action to mitigate risks associated with this vulnerability.

References

https://github.com/stleary/JSON-java/issues/758

https://github.com/stleary/JSON-java/issues/771

http://www.openwall.com/lists/oss-security/2023/12/13/4

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 12, 2023
Vulnerability Reserved
Sep 19, 2023