VYPR
High severity · NVD Advisory · Published Jun 14, 2023 · Updated Jan 6, 2025

CVE-2023-34614

Description

Cyclic dependencies in crafted JSON objects cause stack overflow and denial of service in jsonij up to version 0.5.2.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

CVE-2023-34614 describes a denial of service vulnerability in the jmarsden/jsonij library through version 0.5.2. The issue arises from the library's failure to handle cyclic dependencies in JSON objects, leading to infinite recursion and a stack overflow error when parsing maliciously crafted input [1].

Exploitation

An attacker can exploit this vulnerability by providing a specially crafted JSON object that contains circular references. No authentication is required, and the attack can be launched remotely if the application processes untrusted JSON data using the affected library. The only prerequisite is that the target system uses jsonij to parse the malicious input [1].

Impact

Successful exploitation results in a stack overflow, crashing the application and causing a denial of service. The original advisory also mentions the potential for "other unspecified impacts," though no further details are provided. The primary risk is temporary loss of service availability [1].

Mitigation

As of the publication date, no patch has been released for versions 0.5.2 and earlier. Users are advised to avoid processing untrusted JSON data with jsonij, or to switch to a maintained alternative library that properly handles cyclic objects [1].

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
| --- | --- | --- |
| cc.plural:jsonij (Maven) | <= 0.5.2 | |

Affected products

2

Patches

0

No patches discovered yet.

References

3
