Vulnerability

CVE-2024-57699

 Report advisory or correction

CVSS Score 8.7 high

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

CWE

CWE-674

References

https://github.com/advisories/GHSA-pq2g-wx69-c263
https://github.com/netplex/json-smart-v2/pull/233
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-57699

[CVE-2024-57699] CWE-674: Uncontrolled Recursion

Description

A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1. When loading a specially crafted JSON input, containing a large number of ?{?, a stack exhaustion can be trigger, which could allow an attacker to cause a Denial of Service (DoS). This issue exists because of an incomplete fix for CVE-2023-1370.