VYPR
High severityNVD Advisory· Published Mar 13, 2023· Updated Feb 27, 2025

Stack exhaustion in json-smart leads to denial of service when parsing malformed JSON

CVE-2023-1370

Description

Json-smart is a performance focused, JSON processor lib.

When reaching a ‘[‘ or ‘{‘ character in the JSON input, the code parses an array or an object respectively.

It was discovered that the code does not have any limit to the nesting of such arrays or objects. Since the parsing of nested arrays and objects is done recursively, nesting too many of them can cause a stack exhaustion (stack overflow) and crash the software.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
net.minidev:json-smartMaven
< 2.4.92.4.9

Affected products

35

Patches

Vulnerability mechanics

References

12

News mentions

0

No linked articles in our index yet.