CVE-2023-5072

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2023-5072
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-5072.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-5072
Aliases
Downstream
Related
Published
2023-10-12T17:15:10.187Z
Modified
2025-11-20T12:21:54.182336Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

Denial of Service in JSON-Java versions up to and including 20230618.  A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.

References

Affected packages

Git / github.com/stleary/json-java

Affected ranges

Type
GIT
Repo
https://github.com/stleary/json-java
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
a963115ac2527dee688f54f7c1150d6f25b887c1

Affected versions

Other

20150729
20151123
20160212
20160807
20160810
20170516
20171018
20180130
20180813
20190722
20200518
20201115
20210307
20211205
20220320
20220924
20230227
20230618

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-5072.json"