CVE-2023-5072 - Denial of Service (DoS)

Severity: None2024-02-09

Security Advisories

Abstract

Denial of Service in JSON-Java versions up to and including 20230618. A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.

The Oxygen products incorporate JSON-Java as a third-party library. This advisory was opened to address the potential impact of this third-party library vulnerability.

Affected Products/Versions

ProductSeverityFixed Release Availability
Oxygen Content Fusion v5.1 and olderNone Oxygen Content Fusion 6.0 build 2023110109
Oxygen XML Author v26.0 and olderNone Oxygen XML Author 26.0 build 2023111306
Oxygen XML Developer v26.0 and olderNone Oxygen XML Developer 26.0 build 2023111306
Oxygen XML Editor v26.0 and olderNone Oxygen XML Editor 26.0 build 2023111306
Oxygen License Server v26.0 and olderNone Oxygen License Server v26.1 build 2024031513
Oxygen Publishing Engine v26.0 and olderNone Oxygen Publishing Engine 26.0 build 2023110923
Oxygen XML Web Author v26.0.0 and olderNone N/A

Mitigation

None

Detail

CVE-2023-5072

Severity: High

CVSS Score: 7.5

The JSON-Java third-party library used by Oxygen XML products is an affected version mentioned in CVE-2023-5072 vulnerability description.
Oxygen XML products do not parse JSON user input. For that reason, Oxygen XML products are not affected by this vulnerability.

Revision History

2024-03-29 Starting with Oxygen License Server version 26.1 build 2024031513, the JSON-Java was updated to version that includes a fix for CVE-2023-5072.

List of Security Advisories

Video Tutorials
Upcoming Events
webinar
Oxygen AI Positron: Your Helper in All Stages of Content Creation
May 8, 2024

Products

Features

Shop

Resources

Support

Company

© 2002-2024 SyncRO Soft SRL. All rights reserved.

This website was created & generated with <oXygen/>®XML Editor