CVE-2023-5072
Summary
| CVE | CVE-2023-5072 |
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-10-12 17:15:00 UTC |
| Updated | 2023-10-18 18:17:00 UTC |
| Description | Denial of Service in JSON-Java versions up to and including 20230618. A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used. |
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Confusion between `\0` and EOF can lead to OutOfMemoryError · Issue #758 · stleary/JSON-java · GitHub | MISC | github.com | |
| Logic to exclude object keys that are themselves objects is imperfect · Issue #771 · stleary/JSON-java · GitHub | MISC | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 379281 IBM MQ Denial of Service (DoS) Vulnerabilities (7096710)
- 379559 Atlassian Bitbucket Data Center and Server org.json:json Dependency Denial of Service (DoS) Vulnerability (BSERV-19037)
- 510680 Alpine Linux Security Update for openjdk17
- 510683 Alpine Linux Security Update for openjdk21
- 731171 Atlassian Confluence Data Center and Server Multiple Security Vulnerabilities (CONFSERVER-94236, CONFSERVER-94109, CONFSERVER-94111, CONFSERVER-94110)
- 731314 Atlassian Jira Software Data Center and Server Denial of Service (DoS) Vulnerability (JSWSERVER-25788)
- 731340 Atlassian Bamboo Server and Data Center Third Party Dependency Vulnerability (BAM-25607, BAM-25498)
- 995571 Java (Maven) Security Update for org.json:json (GHSA-rm7j-f5g5-27vv)