CVE-2023-42276
Description
hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonArray.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Hutool 5.8.21's JSONArray.add(int, Object) accepts an arbitrarily large index and pads the backing list up to it one placeholder at a time, so an attacker-chosen index turns into an allocation of that size and an OutOfMemoryError.
Vulnerability
Details
In hutool v5.8.21 [1], the JSONArray class's add(int index, Object element) method does not validate the index parameter against any upper bound [3]. When the index exceeds the current size, the method appends JSONNull.NULL placeholders one at a time until the list's size reaches the index and only then stores the element, so the work and the memory consumed are linear in a value the caller controls [4]. The same pad-to-index loop exists in ListUtil.setOrPadding in hutool-core, which is why the fix touches both modules.
Exploitation
An attacker who can influence the index argument triggers the flaw with a single call: add(1247626122, element) makes JSONArray pad its internal ArrayList towards roughly 1.2 billion entries before the element is stored, and the allocation fails with an OutOfMemoryError [4]; at 4 or 8 bytes per reference the backing array alone would need several gigabytes. Nothing in the library gates the call, so the exposure depends entirely on the application: any code path that passes an attacker-controlled index to JSONArray.add(int, Object), or to ListUtil.setOrPadding, which uses the same padding loop, is an entry point, for example a JSON or form field that selects the position at which a value is stored in an array.
Impact
Successful exploitation causes a denial of service through memory exhaustion: the OutOfMemoryError terminates the calling thread and, because the heap is shared, can take down the whole JVM or leave other requests failing [4]. The CVE description calls the issue a buffer overflow, but there is no out-of-bounds write; it is an uncontrolled memory allocation driven by an unchecked size argument.
Mitigation
The fix is commit 9ba8f9c [3], which adds a guard before the padding loop in both JSONArray.add(int, Object) and ListUtil.setOrPadding: if index > (size + 1) * 2 the call is rejected, with a JSONException in JSONArray and a UtilException in ListUtil. Note that this bounds growth per call only: a caller that repeatedly pads to just under the limit can still roughly double the list on every call, so applications that accept indices from untrusted input should also enforce an absolute cap of their own before calling add(). Update to a hutool release later than 5.8.21 that contains this commit; the advisory data below lists no patched version, so confirm the guard is present in the version you deploy.
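The padding loop and the guard from the patch, modelled in Python as an added example: this is not hutool's code. A Python list stands in for the Java ArrayList, None for JSONNull.NULL, the factor of 2 is the one visible in the commit, and add_capped with its max_len parameter is an assumed application-side guard rather than a hutool API. It goes beyond the single call described above by showing that the per-call factor still allows geometric growth across calls.

```python
"""Model of the padding behaviour behind CVE-2023-42276 and of the guard added
in commit 9ba8f9c.  Added illustration, not hutool code: a Python list stands in
for the Java ArrayList and None for JSONNull.NULL."""

PER_CALL_FACTOR = 2  # the patch rejects index > (size + 1) * 2


class IndexTooLarge(ValueError):
    """Stands in for hutool's JSONException / UtilException("Index is too large")."""


def add_unchecked(arr, index, element):
    """hutool <= 5.8.21 behaviour: pad with placeholders until len(arr) == index,
    then store the element.  Work and memory are linear in the caller-chosen
    index; add_unchecked([], 1247626122, x) is the reported DoS (do not run it)."""
    if index < len(arr):
        arr.insert(index, element)
        return arr
    while index != len(arr):          # the loop the patch guards
        arr.append(None)
    arr.append(element)
    return arr


def add_checked(arr, index, element):
    """Post-fix behaviour: one call may grow the list to at most about twice
    its current size; anything larger is rejected before any padding happens."""
    if index < len(arr):
        arr.insert(index, element)
        return arr
    if index > (len(arr) + 1) * PER_CALL_FACTOR:
        raise IndexTooLarge(f"Index is too large: {index}")
    while index != len(arr):
        arr.append(None)
    arr.append(element)
    return arr


def add_capped(arr, index, element, max_len):
    """Caller-side defence (assumed, not a hutool setting): an absolute bound
    that does not depend on the current size, applied before the library call."""
    if not 0 <= index < max_len:
        raise IndexTooLarge(f"index {index} outside [0, {max_len})")
    return add_checked(arr, index, element)


def rejects(current_len, index, max_len=None):
    """True if `index` is refused on a list of `current_len` entries, by the
    patched guard alone or, when max_len is given, by the capped wrapper."""
    arr = [None] * current_len
    try:
        if max_len is None:
            add_checked(arr, index, "x")
        else:
            add_capped(arr, index, "x", max_len)
    except IndexTooLarge:
        return True
    return False


def grow_to(target):
    """Caveat the patch leaves open: choosing each index at the per-call limit
    passes every check and still reaches `target` slots in O(log target) calls.
    Returns (final_length, number_of_calls)."""
    arr, calls = [], 0
    while len(arr) < target:
        index = min((len(arr) + 1) * PER_CALL_FACTOR, target)
        add_checked(arr, index, "x")
        calls += 1
    return len(arr), calls


if __name__ == "__main__":
    print(add_unchecked([], 3, "x"))    # [None, None, None, 'x']
    print(rejects(0, 1247626122))       # True: the reported index is refused
    print(grow_to(1_000_000))           # (1000001, 19): still reachable in 19 calls
```

The guard makes the single-shot attack fail, but grow_to shows why the mitigation section recommends an absolute cap: nineteen accepted calls are enough to reach a million slots, and each accepted call still does work linear in its index.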
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| cn.hutool:hutool-core (Maven) | <= 5.8.21 | — |
| cn.hutool:hutool-json (Maven) | <= 5.8.21 | — |
Affected products
- hutool/hutool (GitHub advisory coordinates): 2 versions, <= 5.8.21 and 1 more
- (no CPE): range <= 5.8.21
- (no CPE): range <= 5.8.21
Patches
9ba8f9ca5dd3 Fix JSONArray's add() method throwing an OutOfMemory exception
3 files changed · +11 −1
CHANGELOG.md+2 −1 modified@@ -25,7 +25,8 @@ * 【core 】 修复Ipv4Util.getEndIpLong 取反符号导致数据越界(issue#I7U1OQ@Gitee) * 【http 】 修复302重定向时,Location中的问号被转义问题(issue#3265@Github) * 【core 】 修复CombinationAnnotationElement判断循环问题(pr#3267@Github) -* 【core 】 修复StrUtil#containsAny NPE问题问题(pr#1063@Gitee) +* 【core 】 修复StrUtil#containsAny NPE问题(pr#1063@Gitee) +* 【all 】 修复SONArray的add()方法抛出OutOfMemory异常问题(issue#3286@Github) ------------------------------------------------------------------------------------------------------------- # 5.8.21(2023-07-29)
hutool-core/src/main/java/cn/hutool/core/collection/ListUtil.java+5 −0 modified@@ -2,6 +2,7 @@ import cn.hutool.core.comparator.PinyinComparator; import cn.hutool.core.comparator.PropertyComparator; +import cn.hutool.core.exceptions.UtilException; import cn.hutool.core.lang.Assert; import cn.hutool.core.lang.Matcher; import cn.hutool.core.util.ArrayUtil; @@ -431,6 +432,10 @@ public static <T> List<T> setOrPadding(List<T> list, int index, T element, T pad if (index < size) { list.set(index, element); } else { + // issue#3286, 增加安全检查,最多增加2倍 + if(index > (list.size() + 1) * 2) { + throw new UtilException("Index is too large:", index); + } for (int i = size; i < index; i++) { list.add(paddingElement); }
hutool-json/src/main/java/cn/hutool/json/JSONArray.java+4 −0 modified@@ -457,6 +457,10 @@ public void add(int index, Object element) { InternalJSONUtil.testValidity(element); this.rawList.add(index, JSONUtil.wrap(element, this.config)); } else { + // issue#3286, 增加安全检查,最多增加2倍 + if(index > (this.size() + 1) * 2) { + throw new JSONException("Index is too large:", index); + } while (index != this.size()) { this.add(JSONNull.NULL); }
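Review bot: in the CHANGELOG hunk the new entry spells the class as `SONArray`; it should read `JSONArray` so the line matches the class actually changed. The entry is also tagged 【all 】 while the code hunks touch only hutool-core (ListUtil.setOrPadding) and hutool-json (JSONArray.add); a narrower tag, or one line per module, would let readers tell which artifacts carry the fix.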
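Review bot: in the ListUtil.setOrPadding hunk, `if(index > (list.size() + 1) * 2)` bounds growth per call but not across calls: a caller that repeatedly passes an index just under the limit passes every check and still roughly doubles the list each time, so the Javadoc should say the method is not a complete defence against untrusted indices. The message template `"Index is too large:"` has no `{}` placeholder; if the UtilException constructor formats its first argument as a template, as the other hutool exceptions do, `index` will never appear in the message, so prefer `throw new UtilException("Index is too large: {}", index);`. Minor: the surrounding code already captured `size`, so `size` rather than `list.size()` in the check would read consistently with the loop that follows.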
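Review bot: in the JSONArray.add hunk the guard `index > (this.size() + 1) * 2` has the same per-call-only scope as in ListUtil: a sequence of calls each at the limit still doubles the array every time, and since `this.add(JSONNull.NULL)` wraps one element per slot, the cost of every accepted call stays linear in `index`. A fixed upper bound, for example one carried by `this.config`, would close that. The template `"Index is too large:"` has the same missing `{}` placeholder noted for ListUtil. Also note the two sites now throw different types (JSONException here, UtilException in ListUtil), so a caller catching one will not catch the other; worth a sentence in the method Javadoc.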
References