CVE-2023-1370 in Oracle Banking Virtual Account Managementinfo

Summary

[Json-smart](https://netplex.github.io/json-smart/) is a performance focused, JSON processor lib. When reaching a ‘[‘ or ‘{‘ character in the JSON input, the code parses an array or an object respectively. It was discovered that the code does not have any limit to the nesting of such arrays or objects. Since the parsing of nested arrays and objects is done recursively, nesting too many of them can cause a stack exhaustion (stack overflow) and crash the software.

Responsible

JFrog

Reservation

03/13/2023

Disclosure

03/22/2023

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
251123	Oracle Banking Virtual Account Management Common Core denial of service	404	Not defined	Official fix	CVE-2023-1370
251118	Oracle Banking Supply Chain Finance Security denial of service	404	Not defined	Official fix	CVE-2023-1370
251114	Oracle Banking Liquidity Management Common denial of service	404	Not defined	Official fix	CVE-2023-1370
251107	Oracle Banking Credit Facilities Process Management Common denial of service	404	Not defined	Official fix	CVE-2023-1370
251103	Oracle Banking Cash Management Accessibility denial of service	404	Not defined	Official fix	CVE-2023-1370
242814	Oracle Siebel CRM EAI Open UI denial of service	404	Not defined	Official fix	CVE-2023-1370
242598	Oracle Financial Services Model Management and Governance Installer denial of service	404	Not defined	Official fix	CVE-2023-1370
242455	Oracle GoldenGate Veridata denial of service	404	Not defined	Official fix	CVE-2023-1370
242451	Oracle GoldenGate Studio denial of service	404	Not defined	Official fix	CVE-2023-1370
234974	Oracle Utilities Application Framework General denial of service	404	Not defined	Official fix	CVE-2023-1370
234932	Oracle Policy Automation Determinations denial of service	404	Not defined	Official fix	CVE-2023-1370
234819	Oracle Data Integrator denial of service	404	Not defined	Official fix	CVE-2023-1370
234813	Oracle WebLogic Server Centralized Thirdparty Jars denial of service	404	Not defined	Official fix	CVE-2023-1370
234805	Oracle Middleware Common Libraries and Tools Remote Diagnostic Agent denial of service	404	Not defined	Official fix	CVE-2023-1370
234735	Oracle FLEXCUBE Universal Banking INFRA code denial of service	404	Not defined	Official fix	CVE-2023-1370
234730	Oracle FLEXCUBE Investor Servicing Infrastructure Code denial of service	404	Not defined	Official fix	CVE-2023-1370
234726	Oracle Financial Services Analytical Applications Infrastructure Third Party denial of service	404	Not defined	Official fix	CVE-2023-1370
234722	Oracle Banking Trade Finance Process Management Dashboard denial of service	404	Not defined	Official fix	CVE-2023-1370
234685	Oracle Banking Corporate Lending Process Management Base denial of service	404	Not defined	Official fix	CVE-2023-1370
234619	Oracle Primavera Unifier Web Services denial of service	404	Not defined	Official fix	CVE-2023-1370
234617	Oracle Primavera Gateway Admin denial of service	404	Not defined	Official fix	CVE-2023-1370
234578	Oracle Communications Cloud Native Core Security Edge Protection Proxy Configuration denial of service	404	Not defined	Official fix	CVE-2023-1370
234572	Oracle Communications Cloud Native Core Policy Install/Upgrade denial of service	404	Not defined	Official fix	CVE-2023-1370
234564	Oracle Communications Cloud Native Core Binding Support Function Install/Upgrade denial of service	404	Not defined	Official fix	CVE-2023-1370
234489	Oracle Graph Server and Client Packaging denial of service	404	Not defined	Official fix	CVE-2023-1370
226352	Oracle Communications Unified Assurance Vision denial of service	404	Not defined	Official fix	CVE-2023-1370
223513	Json-smart Array recursion	674	Not defined	Not defined	CVE-2023-1370

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

◂ PreviousOverviewNext ▸

Want to know what is going to be exploited?

We predict KEV entries!