cve/CVE-2023-1370.md at dd6a10065df501f0a524d47b55e162f16811ba93

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 02:31:38 +00:00

0xMarcio 6100550298 Update CVE sources 2024-06-22 09:37

2024-06-22 09:37:59 +00:00

Description

Json-smart is a performance focused, JSON processor lib.When reaching a ‘[‘ or ‘{‘ character in the JSON input, the code parses an array or an object respectively.It was discovered that the code does not have any limit to the nesting of such arrays or objects. Since the parsing of nested arrays and objects is done recursively, nesting too many of them can cause a stack exhaustion (stack overflow) and crash the software.

POC

Reference

https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/

Github

https://github.com/ARPSyndicate/cvemon
https://github.com/DrC0okie/HEIG_SLH_Labo1
https://github.com/seal-community/patches
https://github.com/srchen1987/springcloud-distributed-transaction

1.2 KiB Raw Blame History Unescape Escape

CVE-2023-1370

Description

POC

Reference

Github

1.2 KiB

Raw Blame History