Miggo Logo
Miggo Vulnerability Database
CVE-2023-34616

CVE-2023-34616: pbjson vulnerable to stack exhaustion

7.5

CVSS Score
3.1

Basic Information

CVE ID
CVE-2023-34616
GHSA ID
GHSA-p4c9-x742-qh8c
EPSS Score
0.19971%
CWE
CWE-400
Published
6/14/2023
Updated
1/3/2025
KEV Status
No
Technology
TechnologyJava

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
com.progsbase.libraries:JSONmaven<= 0.4.0

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The stack trace shows repeated calls to GetJSONValueRecursive and GetJSONArray when processing nested structures. The vulnerability manifests in recursive parsing functions that lack depth tracking or cycle detection. These functions create new stack frames for each nested element without limit, making them directly responsible for stack exhaustion. The PoC demonstrates this by generating a deeply nested JSON array that triggers a StackOverflowError through recursive parsing.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*n issu* w*s *is*ov*r** p*json t*rou** *.*.* *llows *tt**k*rs to **us* * **ni*l o* s*rvi** or ot**r unsp**i*i** imp**ts vi* * *r**t** o*j**t t**t us*s *y*li* **p*n**n*i*s.

Reasoning

T** st**k tr*** s*ows r*p**t** **lls to **tJSONV*lu*R**ursiv* *n* **tJSON*rr*y w**n pro**ssin* n*st** stru*tur*s. T** vuln*r**ility m*ni**sts in r**ursiv* p*rsin* *un*tions t**t l**k **pt* tr**kin* or *y*l* **t**tion. T**s* *un*tions *r**t* n*w st**k