Denial of Service in JSON-Java versions up to and including 20230618.  A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Fri, 19 Sep 2025 19:00:00 +0000

Type Values Removed Values Added
First Time appeared Stleary
Stleary json-java
CPEs cpe:2.3:a:json-java_project:json-java:*:*:*:*:*:*:*:* cpe:2.3:a:stleary:json-java:*:*:*:*:*:*:*:*
Vendors & Products Json-java Project
Json-java Project json-java
Stleary
Stleary json-java

Thu, 21 Nov 2024 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Google

Published:

Updated: 2025-02-13T17:19:28.975Z

Reserved: 2023-09-19T18:29:03.608Z

Link: CVE-2023-5072

cve-icon Vulnrichment

Updated: 2024-08-02T07:44:53.789Z

cve-icon NVD

Status : Modified

Published: 2023-10-12T17:15:10.187

Modified: 2025-09-19T18:54:20.100

Link: CVE-2023-5072

cve-icon Redhat

Severity : Important

Publid Date: 2023-10-12T00:00:00Z

Links: CVE-2023-5072 - Bugzilla

cve-icon OpenCVE Enrichment

No data.