OESA-2023-1225

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1225

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2023-1225.json

JSON Data

https://api.test.osv.dev/v1/vulns/OESA-2023-1225

Upstream

CVE-2023-1370

Published

2023-04-14T11:05:09Z

Modified

2025-08-12T05:17:33.423160Z

Summary

json-smart security update

Details

Json-smart is a performance focused, JSON processor lib.

Security Fix(es):

Json-smart is a performance focused, JSON processor lib. When reaching a ‘[‘ or ‘{‘ character in the JSON input, the code parses an array or an object respectively. It was discovered that the code does not have any limit to the nesting of such arrays or objects. Since the parsing of nested arrays and objects is done recursively, nesting too many of them can cause a stack exhaustion (stack overflow) and crash the software.(CVE-2023-1370)

Database specific

{
    "severity": "High"
}

References

Affected packages

openEuler:22.03-LTS-SP1 / json-smart

Package

Name: json-smart
Purl: pkg:rpm/openEuler/json-smart&distro=openEuler-22.03-LTS-SP1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2-2.oe2203sp1

Ecosystem specific

{
    "src": [
        "json-smart-2.2-2.oe2203sp1.src.rpm"
    ],
    "noarch": [
        "json-smart-2.2-2.oe2203sp1.noarch.rpm",
        "json-smart-javadoc-2.2-2.oe2203sp1.noarch.rpm"
    ]
}