CVE-2024-57699 — Netplex Json-smart Uncontrolled Recursion vulnerability

Description

A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1. When loading a specially crafted JSON input, containing a large number of ’{’, a stack exhaustion can be trigger, which could allow an attacker to cause a Denial of Service (DoS). This issue exists because of an incomplete fix for CVE-2023-1370.

How to fix CVE-2024-57699

To remediate CVE-2024-57699, upgrade the affected package to a fixed version below.

—upgrade to 2.5.2-1 or later
—upgrade to 2.5.2 or later

Is CVE-2024-57699 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

from 0, < 2.5.2-1
>= 2.5.0, < 2.5.2

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References (9)

ADVISORYnvd.nist.gov/vuln/detail/cve-2023-1370
ADVISORYnvd.nist.gov/vuln/detail/CVE-2024-57699
ADVISORYsecurity-tracker.debian.org/tracker/CVE-2024-57699
PATCHgithub.com/netplex/json-smart-v2
WEB