CVE-2023-1436

Aliases:GHSA-q6g2-g7f3-rr83

Advisory lineage Upstream: 0 Downstream: 13

Downstream

DEBIAN-CVE-2023-1436 OPENSUSE-SU-2024:12871-1 RHSA-2023:3622 RHSA-2023:3663 RHSA-2023:4505 RHSA-2023:4506

Modified

Published: 16 Mar 2023, 20:59

Last modified:26 Feb 2025, 15:02

Vulnerability Summary

Overall Risk (default)

medium

40/100

CVSS Score

7.5 HIGH

v3.1 (nvd)

EPSS Score

0.12% LOW

0% probability +0.10%

KEV

Not listed

Ransomware

No reports

Public exploits

1 found

Dark Web

Not detected

Timeline

16 Mar 2023, 20:59

Published

Vulnerability first disclosed

26 Feb 2025, 15:02

Last Modified

Vulnerability information updated

Description

An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown.

CVSS Metrics

v3.1•MEDIUM•Score: 5.9CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
v3.1•HIGH•Score: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Trends

Current EPSS score: 0.12%• Percentile: 31%

Techniques & Countermeasures

CWE-674•Uncontrolled Recursion
The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.

Affected Systems

jettison_project•jettison
< 1.5.4
jettison•jettison
< 1.5.4
org.codehaus.jettison•jettison
< 1.5.4