7.5

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2023-34620

GHSA ID

GHSA-5wfc-hjrc-gq87

EPSS Score

0.32735%

CWE

CWE-400

Published

6/14/2023

Updated

11/8/2023

KEV Status

Technology

Java

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-34620

CVE-2023-34620: hjson stack exhaustion vulnerability

An issue was discovered hjson through 3.0.0 allows attackers to cause a denial of service or other unspecified impacts via crafted objects that deeply nested structures.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2023-34620

CVE-2023-34620:

7.5

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2023-34620

GHSA ID

GHSA-5wfc-hjrc-gq87

EPSS Score

0.32735%

CWE

CWE-400

Published

6/14/2023

Updated

11/8/2023

KEV Status

Technology

Java

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.hjson:hjson	maven	<= 3.0.0

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The stack trace in the PoC shows recursive calls between readObject and readValue methods during parsing. This indicates a recursive descent parser implementation without depth limiting mechanisms. The vulnerability manifests when processing cyclic/overly nested structures through these recursive calls, eventually exhausting the stack. The correlation with CWE-400 (uncontrolled resource consumption) and the provided PoC demonstrating stack overflow confirm this analysis. Similar vulnerabilities in other JSON parsers (Jackson/GSON) were resolved by adding depth tracking or iterative parsing, further supporting this conclusion.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

7.5

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2023-34620: hjson stack exhaustion vulnerability

CVE-2023-34620:

7.5

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Basic Information

Basic Information

CVE-2023-34620: hjson stack exhaustion vulnerability

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

7.5

7.5

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI