CVE-2023-1370
Publication date 22 March 2023
Last updated 24 July 2024
Ubuntu priority
[Json-smart](https://netplex.github.io/json-smart/) is a performance focused, JSON processor lib. When reaching a ‘[‘ or ‘{‘ character in the JSON input, the code parses an array or an object respectively. It was discovered that the code does not have any limit to the nesting of such arrays or objects. Since the parsing of nested arrays and objects is done recursively, nesting too many of them can cause a stack exhaustion (stack overflow) and crash the software.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| json-smart | ||
| 22.04 LTS jammy |
Fixed 2.2-2ubuntu0.22.04.1
|
|
| 20.04 LTS focal |
Fixed 2.2-2ubuntu0.20.04.1
|
|
| 18.04 LTS bionic |
Fixed 2.2-2ubuntu0.18.04.1
|
|
| 16.04 LTS xenial | Ignored | |
| 14.04 LTS trusty | Ignored |
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
7.5 · High
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | None |
| Availability impact | High |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
References
Related Ubuntu Security Notices (USN)
- USN-6011-1
- Json-smart vulnerabilities
- 12 April 2023