UBUNTU-CVE-2023-1370

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2023-1370

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-1370.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2023-1370

Related

Published

2023-03-22T06:15:00Z

Modified

2023-03-22T06:15:00Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

Json-smart is a performance focused, JSON processor lib. When reaching a ‘[‘ or ‘{‘ character in the JSON input, the code parses an array or an object respectively. It was discovered that the code does not have any limit to the nesting of such arrays or objects. Since the parsing of nested arrays and objects is done recursively, nesting too many of them can cause a stack exhaustion (stack overflow) and crash the software.

References

Affected packages

Ubuntu:18.04:LTS / json-smart

Package

Name: json-smart
Purl: pkg:deb/ubuntu/json-smart?arch=src?distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2-2ubuntu0.18.04.1

Affected versions

2.*

2.2-1

2.2-2

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "2.2-2ubuntu0.18.04.1",
            "binary_name": "libjson-smart-java"
        }
    ]
}

Ubuntu:20.04:LTS / json-smart

Package

Name: json-smart
Purl: pkg:deb/ubuntu/json-smart?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2-2ubuntu0.20.04.1

Affected versions

2.*

2.2-2

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "2.2-2ubuntu0.20.04.1",
            "binary_name": "libjson-smart-java"
        }
    ]
}

Ubuntu:22.04:LTS / json-smart

Package

Name: json-smart
Purl: pkg:deb/ubuntu/json-smart?arch=src?distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2-2ubuntu0.22.04.1

Affected versions

2.*

2.2-2

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "2.2-2ubuntu0.22.04.1",
            "binary_name": "libjson-smart-java"
        }
    ]
}