VDB
DEBIAN-CVE-2023-5072
DEBIAN-CVE-2023-5072
PUBLISHED
CVSS 7.5 HIGH
Denial of Service in JSON-Java versions up to and including 20230618. A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:13 | libjettison-java | 0, 1.5.4-1, 0 |
| Debian:11 | libjettison-java | 0, *, 1.5.3-1 |
| Debian:12 | libjson-java | 3.1.0+dfsg, 3.2.0+dfsg, 2.4-3.1 |
| Debian:14 | libjettison-java | 0, 1.5.4-1, 0 |
| Debian:11 | libjson-java | 0, 3.1.0+dfsg-2, 3.2.0+dfsg-1 |
| Debian:12 | jenkins-json | 2.4-jenkins-8+dfsg-1, 0, 2.4-jenkins-3-7 |
| Debian:11 | jenkins-json | *, 0, 2.4-jenkins-3-7 |
| Debian:13 | jenkins-json | *, 2.4-jenkins-8+dfsg-1, 0 |
| Debian:14 | jenkins-json | 0, 2.4-jenkins-8+dfsg-1, 0 |
| Debian:12 | libjettison-java | 1.5.3-1, 1.5.4-1, 1.5.3-1 |
| Debian:13 | libjson-java | 0, 0, 0 |
| Debian:14 | libjson-java | 0, 0, 0 |
Exploit Intelligence
- owasp-exclude.xml (github-poc)
- suppression.xml (github-poc)
- allow-list.xml (github-poc)
Timeline
- Oct 12, 2023 CVE Published
- Apr 28, 2026 CVE Updated