Eclipse Parsson JSON vulnerability: Stack overflow and DoS risk
CVE-2023-7272

7.5HIGH

Key Information:

Vendor: Eclipse Foundation
Status: Parsson
Vendor: CVE Published:; 17 July 2024

Summary

A vulnerability in Eclipse Parsson allows attackers to exploit documents with deep nesting of objects, leading to a Java stack overflow exception. This results in a denial of service scenario, impacting the ability to process JSON documents effectively. The vulnerability affects specific versions of Eclipse Parsson and poses risks for applications relying on secure JSON operations.

Affected Version(s)

Parsson 0 <= 1.0.3

Parsson 1.1.0 <= 1.1.2

References

https://gitlab.eclipse.org/security/vulnerability-reports...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 17, 2024
Vulnerability Reserved
Jul 17, 2024

Credit

PJ Fanning