2344073 – (CVE-2024-57699) CVE-2024-57699 json-smart: Potential DoS via stack exhaustion (incomplete fix for CVE-2023-1370)

Bug 2344073 (CVE-2024-57699) - CVE-2024-57699 json-smart: Potential DoS via stack exhaustion (incomplete fix for CVE-2023-1370)

Summary: CVE-2024-57699 json-smart: Potential DoS via stack exhaustion (incomplete fix...

Keywords:
Status:	NEW
Alias:	CVE-2024-57699
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2025-02-05 22:01 UTC by OSIDB Bzimport
Modified:	2025-06-10 10:39 UTC (History)
CC List:	78 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2025:3541	None	None	None	2025-04-02 16:48:48 UTC
Red Hat Product Errata	RHSA-2025:3543	None	None	None	2025-04-02 20:19:28 UTC
Red Hat Product Errata	RHSA-2025:8761	None	None	None	2025-06-10 10:39:41 UTC

Description OSIDB Bzimport 2025-02-05 22:01:48 UTC

A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1. When loading a specially crafted JSON input, containing a large number of ’{’, a stack exhaustion can be trigger, which could allow an attacker to cause a Denial of Service (DoS). This issue exists because of an incomplete fix for CVE-2023-1370.

Comment 3 errata-xmlrpc 2025-04-02 16:48:44 UTC

This issue has been addressed in the following products:

  Red Hat Build of Apache Camel 4.8 for Quarkus 3.15

Via RHSA-2025:3541 https://access.redhat.com/errata/RHSA-2025:3541

Comment 4 errata-xmlrpc 2025-04-02 20:19:24 UTC

This issue has been addressed in the following products:

  Red Hat build of Apache Camel 4.8.5 for Spring Boot

Via RHSA-2025:3543 https://access.redhat.com/errata/RHSA-2025:3543

Comment 5 errata-xmlrpc 2025-06-10 10:39:36 UTC

This issue has been addressed in the following products:

  HawtIO HawtIO 4.2.0

Via RHSA-2025:8761 https://access.redhat.com/errata/RHSA-2025:8761

Note You need to log in before you can comment on or make changes to this bug.

abrianik
adupliak
aprice
asoldano
ataylor
bbaranow
bmaxwell
boliveir
brian.stansberry
caswilli
ccranfor
cdewolf
chfoley
cmiranda
darran.lofthouse
dhanak
dkreling
dosoudil
drichtar
ecerquei
eric.wittmann
fjuma
fmariani
fmongiar
ggrzybek
gmalinko
ibek
istudens
ivassile
iweiss
janstey
jcantril
jcechace
jkoops
jnethert
jpechane
jpoth
jrokos
jsamir
jscholz
kaycoth
kholdawa
kverlaen
lcouzens
lgao
mnovotny
mosmerov
mpierce
mskarbek
msochure
msvehla
nipatil
nwallace
pantinor
parichar
pcongius
pdelbell
pdrozd
peholase
pesilva
pjindal
pmackay
porcelli
pskopek
rguimara
rkubis
rmartinc
rojacob
rowaters
rstancel
rstepani
smaestri
sthorger
swoodman
tasato
tcunning
tom.jenkinson
yfang