CVE-2023-1370

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Json-smart versions 2.5.0 through 2.5.1

Description The issue is related to uncontrolled recursion in the Json-smart library. When the library encounters a '{' or '[' character in the JSON input, it parses an object or array respectively. However, there is no limit to the nesting of these objects or arrays, which can cause a stack exhaustion and crash the software. This can be exploited by an attacker to cause a Denial of Service (DoS).

Recommendations For Json-smart versions 2.5.0 through 2.5.1, upgrade to a version that includes a fix for this issue. As a temporary workaround, consider restricting the use of the Json-smart library to minimize the risk of exploitation. Avoid using the library to parse JSON input with deeply nested objects or arrays until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Uncontrolled Recursion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-674

Related Identifiers

BDU:2023-05397

CLEANSTART-2026-DD05788

CLEANSTART-2026-VH41554

CVE-2023-1370

DLA-3373-1

GHSA-493P-PFQ6-5258

GHSA-5X5Q-8CGM-2HJQ

GHSA-PQ2G-WX69-C263

OESA-2023-1203

OESA-2023-1223

OESA-2023-1224

OESA-2023-1225

RHSA-2023:3362

RHSA-2023:3610

RHSA-2023:3622

RHSA-2023:3663

RHSA-2025:10092

RHSA-2025:10097

RHSA-2025:10098

RHSA-2025:10104

RHSA-2025:10118

RHSA-2025:10119

RHSA-2025:10120

USN-6011-1

Affected Products

Astra Linux

Jira

Jira Service Management Server

Json Smart

Linuxmint

Ubuntu

CVE-2023-1370

Weakness Enumeration

Related Identifiers

Affected Products

References · 243