CVE-2024-57699
Aliases:GHSA-pq2g-wx69-c263
Advisory lineage Upstream: 0 Downstream: 9
Deferred
Published: 05 Feb 2025, 00:00
Last modified:06 Feb 2025, 15:15
Vulnerability Summary
Overall Risk (default)
medium
30/100 CVSS Score
7.5 HIGH
v3.1 (cve.org)
EPSS Score
0.06% LOW
0% probability +0.03%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
05 Feb 2025, 00:00
Published
Vulnerability first disclosed
06 Feb 2025, 15:15
Last Modified
Vulnerability information updated
Description
A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1. When loading a specially crafted JSON input, containing a large number of ’{’, a stack exhaustion can be trigger, which could allow an attacker to cause a Denial of Service (DoS). This issue exists because of an incomplete fix for CVE-2023-1370.
CVSS Metrics
- v3.1•HIGH•Score: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Trends
Current EPSS score: 0.06%• Percentile: 18%
Techniques & Countermeasures
- CWE-674•Uncontrolled Recursion
The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.
Affected Systems
- net.minidev•json-smart
≥ 2.5.0, < 2.5.2
References (8)
- https://nvd.nist.gov/vuln/detail/cve-2023-1370
- https://github.com/TurtleLiu/Vul_PoC/tree/main/CVE-2024-57699
- https://nvd.nist.gov/vuln/detail/CVE-2024-57699
- https://github.com/netplex/json-smart-v2/issues/232
- https://github.com/netplex/json-smart-v2/issues/233
- https://github.com/netplex/json-smart-v2/issues/236
- https://github.com/netplex/json-smart-v2
- https://github.com/netplex/json-smart-v2/releases/tag/2.5.2