CVE-2023-5072

Published: Oct 12, 2023Modified: Sep 19, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Denial of Service in JSON-Java versions up to and including 20230618. A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.

Affected (1)

Products: Stleary: Json Java

Stleary

1 product

Json Java

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Stleary Json Java	Up to 20230618

Related CWEs

CWE-770

Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

References (8)

http://www.openwall.com/lists/oss-security/2023/12/13/4

Source: cve-coordination@google.com

https://github.com/stleary/JSON-java/issues/758

Source: cve-coordination@google.com

Issue Tracking

https://github.com/stleary/JSON-java/issues/771

Source: cve-coordination@google.com

ExploitIssue Tracking

https://security.netapp.com/advisory/ntap-20240621-0007/

Source: cve-coordination@google.com

http://www.openwall.com/lists/oss-security/2023/12/13/4

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/stleary/JSON-java/issues/758

Source: af854a3a-2127-422b-91ae-364da2661108

Issue Tracking

https://github.com/stleary/JSON-java/issues/771

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue Tracking

https://security.netapp.com/advisory/ntap-20240621-0007/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.