
CVE-2023-5072

Published: 12/10/2023 Updated: 13/12/2023
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

Denial of Service in JSON-Java versions up to and including 20230618. A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.

Vulnerable Product

json-java project json-java

Vendor Advisories

Debian Bug report logs - #1053882 libjson-java: CVE-2023-5072 Package: src:libjson-java; Maintainer for src:libjson-java is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Reported by: Moritz Mühlenhoff <jmm@inutil.org> Date: Fri, 13 Oct 2023 13:30:01 UTC Severity: important Tags: security ...
Synopsis Important: Red Hat AMQ Streams 260 release and security update Type/Severity Security Advisory: Important Topic Red Hat AMQ Streams 260 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, ...
Synopsis Important: Red Hat Integration Camel for Spring Boot 3204 release and security update Type/Severity Security Advisory: Important Topic Red Hat Integration Camel for Spring Boot 3204 release and security update is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulner ...
Synopsis Important: Red Hat Integration Camel K 1105 release and security update Type/Severity Security Advisory: Important Topic Red Hat Integration Camel K 1105 release and security update is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS ...
Synopsis Important: Red Hat Build of Apache Camel for Quarkus 320 release (RHBQ 329Final) Type/Severity Security Advisory: Important Topic Red Hat Build of Apache Camel for Quarkus 320 is now available (updates to RHBQ 329Final). The purpose of this text-only errata is to inform you about the enhancements that improve yo ...
Synopsis Important: Red Hat Integration Camel for Spring Boot 402 release security update Type/Severity Security Advisory: Important Topic Red Hat Integration Camel for Spring Boot 402 release and security update is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerabil ...

Github Repositories

Playing around with a tool for updating POM dependencies

pombump: Programmatically manipulate maven (pom.xml) dependencies. Overview: For easier patchability, add ways to selectively bump versions for dependencies. The idea is just like gobump but for java. Usage: The idea is that there are some patches that should be applied to the upstream pom.xml file. You can specify these via --dependencies flag, or via --patch-file. You can also u
