CVE-2023-1370 Report - Details, Severity, & Advisories

Twingate Team

Apr 17, 2024

CVE-2023-1370 is a high-severity vulnerability (CVSS 7.5) affecting the Json-smart library, a performance-focused JSON processor. This vulnerability can cause stack exhaustion (stack overflow) and crash the software when parsing malformed JSON input due to the lack of limits on the nesting of arrays or objects. Systems using the Json-smart library, particularly versions up to 2.4.9, are potentially at risk.

How do I know if I'm affected?

To determine if you're affected by the vulnerability, you'll need to check if you're using the net.minidev:json-smart component in your software. If you are, and your version is up to 2.4.9, then your system is at risk. This vulnerability is a high-severity issue (CVSS 7.5) that can cause stack exhaustion and crash the software when parsing malformed JSON input due to the lack of limits on the nesting of arrays or objects.

What should I do if I'm affected?

If you're affected by the vulnerability, it's crucial to update your Json-smart library to a version that includes the fix. This will help prevent stack exhaustion and software crashes caused by excessive nesting of arrays or objects in JSON input. Reach out to your software provider for assistance if needed.

Is CVE-2023-1370 in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2023-1370 vulnerability, also known as Uncontrolled Recursion in Json-smart, is not listed in CISA's Known Exploited Vulnerabilities Catalog. It was added to the National Vulnerability Database on 03/22/2023. There is no specific due date or required action mentioned, but it is recommended to update the affected Json-smart library to a secure version to prevent software crashes caused by excessive nesting of arrays or objects in JSON input.

Weakness enumeration

This vulnerability is classified under CWE-674 (Uncontrolled Recursion): the Json-smart library recurses without a limit, which can lead to stack exhaustion and software crashes when processing JSON input with excessive nesting of arrays or objects.
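The missing control is a cap on nesting depth. The following is an added example, not code from Json-smart or from the original report: an iterative pre-check that an application can run on untrusted input before handing it to any recursive JSON parser, as defense in depth alongside the upgrade. The class name, the `MAX_DEPTH` value and the sample inputs are assumptions made for illustration, and the scanner assumes standard double-quoted JSON strings; if the parser runs in a lenient mode, the string rules here must be adjusted to match it.

```java
/** Added example: iterative nesting-depth check for untrusted JSON text. */
public final class JsonDepthGuard {

    /** Hypothetical limit chosen for this example; size it to your real payloads. */
    static final int MAX_DEPTH = 64;

    /**
     * Returns the deepest array/object nesting found, or -1 as soon as
     * maxDepth is exceeded. A counter is used instead of recursion, so the
     * check itself cannot exhaust the stack on hostile input.
     */
    static int maxNesting(CharSequence json, int maxDepth) {
        int depth = 0;
        int deepest = 0;
        boolean inString = false;
        boolean escaped = false;
        for (int i = 0; i < json.length(); i++) {
            char c = json.charAt(i);
            if (inString) {
                // Brackets inside string literals are data, not structure.
                if (escaped) escaped = false;
                else if (c == '\\') escaped = true;
                else if (c == '"') inString = false;
                continue;
            }
            switch (c) {
                case '"': inString = true; break;
                case '[': case '{':
                    if (++depth > maxDepth) return -1; // stop early, reject
                    deepest = Math.max(deepest, depth);
                    break;
                case ']': case '}':
                    if (depth > 0) depth--; // unbalanced input is left for the parser to reject
                    break;
                default: break;
            }
        }
        return deepest;
    }

    public static void main(String[] args) {
        // Constructed sample inputs (String.repeat needs Java 11 or later).
        String normal = "{\"user\":{\"tags\":[\"a[b\",\"c\\\"]d\"]}}";
        String hostile = "[".repeat(100_000);
        System.out.println("normal:  " + maxNesting(normal, MAX_DEPTH));
        System.out.println("hostile: " + maxNesting(hostile, MAX_DEPTH));
    }
}
```

A return value of -1 means the input should be rejected before parsing; logging those rejections gives a detection signal for attempts to trigger the crash.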

For more details

CVE-2023-1370, a high-severity vulnerability in the Json-smart library, can lead to stack exhaustion and software crashes when processing JSON input with excessive nesting of arrays or objects. For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD page or the links below.
