Bug 2344073 (CVE-2024-57699)
| Summary: | CVE-2024-57699 json-smart: Potential DoS via stack exhaustion (incomplete fix for CVE-2023-1370) | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | abrianik, adupliak, aprice, asoldano, ataylor, bbaranow, bmaxwell, boliveir, brian.stansberry, caswilli, ccranfor, chfoley, cmiranda, darran.lofthouse, dhanak, dkreling, dosoudil, drichtar, eric.wittmann, fmariani, fmongiar, ggrzybek, gmalinko, ibek, istudens, ivassile, iweiss, janstey, jcantril, jcechace, jkoops, jnethert, jpechane, jpoth, jrokos, jsamir, kaycoth, kholdawa, kverlaen, lcouzens, mnovotny, mosmerov, mpierce, mskarbek, msochure, msvehla, nipatil, nwallace, pantinor, parichar, pcongius, pdelbell, pdrozd, peholase, pesilva, pjindal, pmackay, porcelli, pskopek, rguimara, rkubis, rmartinc, rojacob, rowaters, rstancel, rstepani, smaestri, sthorger, swoodman, tasato, tcunning, tom.jenkinson, yfang |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: |
A flaw was found in the JSON-smart library. In affected versions, specially crafted JSON input may trigger stack exhaustion, potentially leading to an application crash or denial of service. This issue exists due to an incomplete fix for CVE-2023-1370.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
This issue has been addressed in the following products: Red Hat Build of Apache Camel 4.8 for Quarkus 3.15 Via RHSA-2025:3541 https://access.redhat.com/errata/RHSA-2025:3541 This issue has been addressed in the following products: Red Hat build of Apache Camel 4.8.5 for Spring Boot Via RHSA-2025:3543 https://access.redhat.com/errata/RHSA-2025:3543 This issue has been addressed in the following products: HawtIO HawtIO 4.2.0 Via RHSA-2025:8761 https://access.redhat.com/errata/RHSA-2025:8761 This issue has been addressed in the following products: OCP-Tools-4.18-RHEL-9 Via RHSA-2025:10092 https://access.redhat.com/errata/RHSA-2025:10092 This issue has been addressed in the following products: OCP-Tools-4.17-RHEL-9 Via RHSA-2025:10097 https://access.redhat.com/errata/RHSA-2025:10097 This issue has been addressed in the following products: OCP-Tools-4.16-RHEL-9 Via RHSA-2025:10098 https://access.redhat.com/errata/RHSA-2025:10098 This issue has been addressed in the following products: OCP-Tools-4.15-RHEL-8 Via RHSA-2025:10104 https://access.redhat.com/errata/RHSA-2025:10104 This issue has been addressed in the following products: OCP-Tools-4.13-RHEL-8 Via RHSA-2025:10119 https://access.redhat.com/errata/RHSA-2025:10119 This issue has been addressed in the following products: OCP-Tools-4.12-RHEL-8 Via RHSA-2025:10118 https://access.redhat.com/errata/RHSA-2025:10118 This issue has been addressed in the following products: OCP-Tools-4.14-RHEL-8 Via RHSA-2025:10120 https://access.redhat.com/errata/RHSA-2025:10120 |
A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1. When loading a specially crafted JSON input, containing a large number of ’{’, a stack exhaustion can be trigger, which could allow an attacker to cause a Denial of Service (DoS). This issue exists because of an incomplete fix for CVE-2023-1370.