DEBIAN-CVE-2023-1370
Advisory lineage Upstream: 1 Downstream: 1
Upstream
Downstream
Published: 22 Mar 2023, 06:15
Last modified:28 Apr 2026, 20:25
Vulnerability Summary
Overall Risk (default)
medium
30/100 CVSS Score
7.5 HIGH
3.1 (osv_debian)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
22 Mar 2023, 06:15
Published
Vulnerability first disclosed
28 Apr 2026, 20:25
Last Modified
Vulnerability information updated
Description
[Json-smart](https://netplex.github.io/json-smart/) is a performance focused, JSON processor lib. When reaching a ‘[‘ or ‘{‘ character in the JSON input, the code parses an array or an object respectively. It was discovered that the code does not have any limit to the nesting of such arrays or objects. Since the parsing of nested arrays and objects is done recursively, nesting too many of them can cause a stack exhaustion (stack overflow) and crash the software.
CVSS Metrics
- v3.1•HIGH•Score: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Systems
- debian•json-smart
< 2.2-2+deb11u1 | < 2.2-2+deb12u1 | < 2.2-3 | < 2.2-3