A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1. When loading a specially crafted JSON input, containing a large number of ’{’, a stack exhaustion can be trigger, which could allow an attacker to cause a Denial of Service (DoS). This issue exists because of an incomplete fix for CVE-2023-1370.
Weakness
The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| HawtIO HawtIO 4.2.0 | RedHat | json-smart | * |
| OCP-Tools-4.12-RHEL-8 | RedHat | jenkins-0:2.504.2.1750932984-3.el8 | * |
| OCP-Tools-4.12-RHEL-8 | RedHat | jenkins-2-plugins-0:4.12.1750933270-1.el8 | * |
| OCP-Tools-4.13-RHEL-8 | RedHat | jenkins-0:2.504.2.1750916374-3.el8 | * |
| OCP-Tools-4.13-RHEL-8 | RedHat | jenkins-2-plugins-0:4.13.1750916671-1.el8 | * |
| OCP-Tools-4.14-RHEL-8 | RedHat | jenkins-0:2.504.2.1750903189-3.el8 | * |
| OCP-Tools-4.14-RHEL-8 | RedHat | jenkins-2-plugins-0:4.14.1750903529-1.el8 | * |
| OCP-Tools-4.15-RHEL-8 | RedHat | jenkins-0:2.504.2.1750856366-3.el8 | * |
| OCP-Tools-4.15-RHEL-8 | RedHat | jenkins-2-plugins-0:4.15.1750856638-1.el8 | * |
| OCP-Tools-4.16-RHEL-9 | RedHat | jenkins-0:2.504.2.1750857144-3.el9 | * |
| OCP-Tools-4.16-RHEL-9 | RedHat | jenkins-2-plugins-0:4.16.1750857315-1.el9 | * |
| OCP-Tools-4.17-RHEL-9 | RedHat | jenkins-0:2.504.2.1750851690-3.el9 | * |
| OCP-Tools-4.17-RHEL-9 | RedHat | jenkins-2-plugins-0:4.17.1750851950-1.el9 | * |
| OCP-Tools-4.18-RHEL-9 | RedHat | jenkins-0:2.504.2.1750846524-3.el9 | * |
| OCP-Tools-4.18-RHEL-9 | RedHat | jenkins-2-plugins-0:4.18.1750846854-1.el9 | * |
| Red Hat build of Apache Camel 4.8.5 for Spring Boot | RedHat | json-smart | * |
| Red Hat Build of Apache Camel 4.8 for Quarkus 3.15 | RedHat | quarkus-camel-bom | * |
| Json-smart | Ubuntu | focal | * |
| Json-smart | Ubuntu | oracular | * |
| Json-smart | Ubuntu | plucky | * |