CVE-2023-1436Uncontrolled Recursion in Jettison

CWE-674Uncontrolled Recursion13 documents8 sources
Severity
7.5HIGHNVD
EPSS
0.1%
top 73.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
JettisonJettison Project JettisonDebian Libjettison-java+1 more
Timeline
PublishedMar 22
Latest updateJul 15

Description

An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

CVEListV5jettison/jettison< 1.5.4
debiandebian/libjettison-java< libjettison-java 1.5.4-1 (forky)

🔴Vulnerability Details

3
OSV
CVE-2023-1436: An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements2023-03-22
OSV
Jettison vulnerable to infinite recursion2023-03-22
GHSA
Jettison vulnerable to infinite recursion2023-03-22

📋Vendor Advisories

9
Oracle
Oracle Oracle Analytics Risk Matrix: Analytics Server (jackson-databind) — CVE-2023-14362024-07-15
Oracle
Oracle Oracle Retail Applications Risk Matrix: Security (Jettison) — CVE-2023-14362024-04-15
Atlassian
CVE-2023-1436: DoS (Denial of Service) org.codehaus.jettison:jettison Dependency in Jira Software Data Center and Server2024-03-19
Oracle
Oracle Oracle Enterprise Manager Risk Matrix: Agent Next Gen (Jettison) — CVE-2023-14362024-01-15
Oracle
Oracle Oracle GoldenGate Risk Matrix: GoldenGate Studio (Jettison) — CVE-2023-14362023-10-15
CVE-2023-1436 — Uncontrolled Recursion in Jettison | cvebase