Required CVE Record Information
Description
Denial of Service in JSON-Java versions up to and including 20230618. A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.
CVSS 1 Total
| Score | Severity | Version | Vector String |
|---|---|---|---|
| 7.5 | HIGH | 3.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 4 Total
- https://github.com/stleary/JSON-java/issues/758 x_transferred
- https://github.com/stleary/JSON-java/issues/771 x_transferred
- http://www.openwall.com/lists/oss-security/2023/12/13/4 x_transferred
- https://security.netapp.com/advisory/ntap-20240621-0007/ x_transferred