Bug 2298458 (CVE-2023-7272)

Summary: CVE-2023-7272 parsson: stack overflow when parsing deeply nested input
Product: [Other] Security Response
Reporter: OSIDB Bzimport <bzimport>
Component: vulnerability
Assignee: Product Security DevOps Team <prodsec-dev>
Status: NEW
Severity: medium
Priority: medium
Version: unspecified
CC: aazores, anstephe, arnavarr, asoldano, avibelli, bbaranow, bgeorges, bmaxwell, brian.stansberry, cdewolf, chazlett, chfoley, clement.escoffier, cmah, dandread, darran.lofthouse, dhanak, dkreling, dosoudil, dsimansk, eaguilar, ebaron, eric.wittmann, fjuma, fmariani, fmongiar, gmalinko, gsmet, hamadhan, istudens, ivassile, iweiss, janstey, jbuscemi, jkang, jmartisk, jnethert, jpallich, jpoth, jscholz, kaycoth, kingland, kverlaen, lgao, lhein, lthon, manderse, matzew, mnovotny, mosmerov, msochure, mstefank, msvehla, nipatil, nwallace, olubyans, pantinor, parichar, pdelbell, pgallagh, pierdipi, pjindal, pmackay, probinso, rguimara, rhuss, rkubis, rruss, rstancel, rstepani, rsvoboda, sausingh, sbiarozk, sdouglas, sfroberg, skontopo, smaestri, swoodman, tasato, tcunning, tom.jenkinson, tqvarnst, yfang
Keywords: Security
Hardware: All
OS: Linux
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in Eclipse Parsson. A document containing a large depth of nested objects may allow an attacker to cause a Java stack overflow exception, potentially leading to a denial of service.

Description OSIDB Bzimport 2024-07-17 15:20:14 UTC
In Eclipse Parsson before 1.0.4 and 1.1.3, a document with a large depth of nested objects can allow an attacker to cause a Java stack overflow exception and denial of service. Eclipse Parsson allows processing (e.g. parse, generate, transform and query) JSON documents.
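
A defensive pre-check for the condition described above, as an added example (not code from Eclipse Parsson or from this bug report): it scans untrusted JSON text iteratively and rejects input nested deeper than a caller-chosen limit before it reaches a recursive parser. The class name `JsonDepthGuard`, the method `checkDepth` and the limit of 64 are assumptions made for illustration.

```java
import java.io.IOException;
import java.io.Reader;
import java.io.StringReader;

/** Added example: bounded-depth pre-check for untrusted JSON text (hypothetical helper). */
public class JsonDepthGuard {

    /**
     * Returns the deepest object/array nesting level seen in the input, or throws
     * as soon as the level exceeds maxDepth. The scan is a loop, not recursion,
     * so the check itself uses constant stack no matter how deep the input is.
     */
    public static int checkDepth(Reader in, int maxDepth) throws IOException {
        int depth = 0, deepest = 0;
        boolean inString = false, escaped = false;
        for (int c = in.read(); c != -1; c = in.read()) {
            if (inString) {
                // Brackets inside string values are data, not structure.
                if (escaped) escaped = false;
                else if (c == '\\') escaped = true;
                else if (c == '"') inString = false;
            } else if (c == '"') {
                inString = true;
            } else if (c == '{' || c == '[') {
                if (++depth > maxDepth)
                    throw new IllegalArgumentException("JSON nesting exceeds " + maxDepth);
                deepest = Math.max(deepest, depth);
            } else if (c == '}' || c == ']') {
                if (depth > 0) depth--; // malformed input is left for the real parser to reject
            }
        }
        return deepest;
    }

    public static void main(String[] args) throws IOException {
        int limit = 64; // assumed application limit, not a Parsson setting
        // Constructed samples: a shallow document with brackets inside a string,
        // and a deeply nested array of the kind the bug describes.
        String ok = "{\"a\":[{\"b\":\"]]}}{{[[ \\\" [\"}]}";
        String deep = "[".repeat(100_000) + "]".repeat(100_000);
        System.out.println("depth(ok) = " + checkDepth(new StringReader(ok), limit));
        try {
            checkDepth(new StringReader(deep), limit);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The check consumes the `Reader`, so the caller needs a buffered copy or a fresh reader for the actual parse. It is a stopgap for deployments that cannot yet move to Parsson 1.0.4 or 1.1.3.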