CVE-2023-5072

CVSS V2 None CVSS V3 None

Description

Denial of Service in JSON-Java versions up to and including 20230618. A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.

Overview

CVE ID
CVE-2023-5072

Assigner
Google

Vulnerability Status
PUBLISHED

Published Version
2023-10-12T16:13:27.974Z

Last Modified Date
2024-05-21T03:38:31.550Z

Weakness Enumerations

CWE	URL
CWE-770	http://cwe.mitre.org/data/definitions/770.html

References

Reference URL	Reference Tags
https://github.com/stleary/JSON-java/issues/758
https://github.com/stleary/JSON-java/issues/771
http://www.openwall.com/lists/oss-security/2023/12/13/4
https://security.netapp.com/advisory/ntap-20240621-0007/

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-5072
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5072

History

Created	Old Value	New Value	Data Type	Notes
2024-06-25 05:15:35				Added to TrackCVE