What is CVE-2023-5072?

CVE-2023-5072 is a high-severity denial-of-service vulnerability in Stleary JSON-Java versions up to and including 20230618. This vulnerability can lead to significant resource consumption, necessitating immediate attention from organizations to mitigate potential impacts.

What is the severity of CVE-2023-5072?

CVE-2023-5072 has a severity rating of HIGH with a CVSS base score of 7.5.

CVE-2023-5072 | High Vulnerability in Stleary JSON-Java

CVE-2023-5072 is classified as a high-severity denial-of-service (DoS) vulnerability affecting Stleary JSON-Java versions up to and including 20230618. This vulnerability allows an attacker to exploit a bug in the parser, whereby an input string of modest size can lead to indefinite amounts of memory being used. The impact of this vulnerability is significant, as it can render systems unresponsive and may lead to service outages.

The CVSS score for this vulnerability is 7.5, indicating a high level of risk. The attack vector is network-based, with low attack complexity and no privileges required for exploitation. Additionally, user interaction is not necessary, making this vulnerability particularly concerning for organizations that utilize the affected software.

Risk to organizations includes potential service disruptions and the associated impact on business operations. Given the ease of exploitation, organizations should prioritize addressing this vulnerability in their patch management processes.

As of now, there are no known exploits or public proof of concept available for this vulnerability. However, the absence of reported exploitation does not diminish the need for immediate remediation to avoid potential future attacks.

Organizations should prioritize patching immediately to mitigate the risk posed by this vulnerability.

Vulnerability Details

The vulnerability described by CVE-2023-5072 exists in the JSON-Java library developed by Stleary. According to the official description, a bug in the parser may result in excessive memory consumption when processing certain input strings. This can lead to denial-of-service conditions, where the application becomes unresponsive due to resource exhaustion.

The vulnerability has a CVSS score of 7.5, categorized as high severity. The attack vector is network-based (AV:N), with low complexity (AC:L), requiring no privileges (PR:N) or user interaction (UI:N). The impact on availability (A:H) is high, indicating that successful exploitation could lead to significant service disruption.

The vulnerability affects all versions of Stleary JSON-Java up to and including 20230618. The CWE classification for this vulnerability is CWE-770, which signifies improper handling of exceptional conditions.

The vulnerability was published on October 12, 2023, and remains under modification. As such, organizations utilizing this library must take immediate action to mitigate the associated risks.

Technical Analysis

The root cause of CVE-2023-5072 lies in a flaw within the JSON-Java parser. The issue arises when certain input strings are parsed, causing the application to enter a state of excessive memory allocation. The parser does not sufficiently validate input, which leads to the consumption of system resources beyond acceptable limits.

The attack vector is primarily network-based, allowing attackers to send specially crafted input strings over the network and trigger the vulnerability. The attack complexity is low, meaning that even individuals with minimal technical skill could exploit this vulnerability given the right conditions.

Importantly, no privileges are required for exploitation, and user interaction is not necessary, which increases the risk profile of this vulnerability. If exploited, the confidentiality and integrity of the system are not directly impacted; however, the availability impact is high, as the system may become unresponsive.

Risk & Impact Analysis

Organizations that deploy the affected versions of JSON-Java are at risk of experiencing service interruptions and potential downtime due to this vulnerability. The requirement for no user interaction and low attack complexity means that this vulnerability could be exploited relatively easily by unskilled attackers, amplifying the risk to organizations.

The blast radius for this vulnerability could be significant, especially for organizations with high availability requirements or those that rely heavily on JSON-Java for processing data. The urgency for remediation is heightened by the fact that unauthorized access to resources is not necessary for exploitation, thus increasing the likelihood of successful attacks.

Given its CVSS score of 7.5, organizations should assess their environments to identify instances of the affected JSON-Java library and prioritize patching efforts accordingly. The risk of exploitation is further underscored by the absence of known public exploits, which could change as the vulnerability gains visibility.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

The affected product is Stleary JSON-Java, specifically all versions prior to 20230618. Organizations using this library should assess their current versions and apply necessary updates to mitigate the risk associated with this vulnerability.

Mitigation & Remediation

To mitigate the risks associated with CVE-2023-5072, organizations should update to the latest version of Stleary JSON-Java that addresses this vulnerability. If an immediate upgrade is not feasible, organizations should implement workarounds such as input validation to limit the size of strings processed by the parser.

Organizations should also consider configuration hardening to restrict input sources and monitor usage patterns for any anomalies that could indicate exploitation attempts.

For further insights on best practices, organizations can refer to our guide on penetration testing to identify potential vulnerabilities.

Detection Guidance

Organizations should monitor system logs for indicators of exploitation attempts, such as unusually high memory usage or unresponsive application behavior. Behavioral anomalies in application performance may also signal that the vulnerability is being targeted.

Network signatures can be developed to detect abnormal input patterns that could trigger the vulnerability, allowing for proactive mitigation efforts.

AppSecure Threat Intelligence Insight

CVE-2023-5072 represents a critical issue for applications relying on JSON parsing mechanisms. As denial-of-service vulnerabilities can lead to significant operational disruptions, it underscores the importance of maintaining updated libraries and conducting regular security assessments.

For organizations focused on continuous improvement of their security posture, implementing a robust vulnerability management program can help in identifying and prioritizing vulnerabilities based on their risk profile.

Additionally, adopting a proactive approach to penetration testing methodology can assist organizations in uncovering hidden vulnerabilities before they can be exploited.

Moreover, investing in penetration testing reports can provide actionable insights for remediation efforts.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2023-5072: High Vulnerability in Stleary JSON-Java