Source: ubuntucve (Ubuntu.com), ID: UB:CVE-2023-1370
Published: Mar 22, 2023 - 12:00 a.m.

CVE-2023-1370

Tags: json-smart, json processor, cve-2023-1370, stack exhaustion, stack overflow, software crash, security

CVSS3: 7.5
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS: 0.001
Percentile: 43.2%

Json-smart is a performance-focused JSON processor library. When the parser
reaches a '[' or '{' character in the JSON input, it parses an array or an
object respectively. It was discovered that the code places no limit on the
nesting of such arrays or objects. Because nested arrays and objects are
parsed recursively, nesting too many of them can cause stack exhaustion
(stack overflow) and crash the software.

OS      Version  Architecture  Package     Version                    Filename
ubuntu  18.04    noarch        json-smart  < 2.2-2ubuntu0.18.04.1     UNKNOWN
ubuntu  20.04    noarch        json-smart  < 2.2-2ubuntu0.20.04.1     UNKNOWN
ubuntu  22.04    noarch        json-smart  < 2.2-2ubuntu0.22.04.1     UNKNOWN
ubuntu  22.10    noarch        json-smart  < 2.2-2ubuntu0.22.10.1     UNKNOWN
ubuntu  23.04    noarch        json-smart  < 2.2-2ubuntu1             UNKNOWN
