Describe the bug
A denial-of-service vulnerability in jsoncpp 1.9.6. When OurReader::readValue() parses a deeply nested JSON array, recursive calls between readValue() and readArray() exceed the default stackLimit (1000) and throw an uncaught Json::RuntimeError, causing std::terminate() and process exit.
The crash occurs at json_reader.cpp:1041:5 in Json::OurReader::readValue(), triggered by a crafted input containing approximately 1100 consecutive [ characters.
All complete vulnerability resources, including vulnerability description, fuzzer binary, PoC payload and reproduction steps, are stored in my research repository:
https://github.com/eglonnnn/opensource-fuzz-vulnerability-research/tree/main/jsoncpp-deep-nested-array-recursion-dos
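A caller-side guard for the condition reported above, as an added example that is neither jsoncpp code nor part of the report: it measures bracket nesting outside string literals and rejects over-deep input before it reaches the parser. The function names and the limit of 512 (an arbitrary value below the stackLimit of 1000 cited in the report) are assumptions.

```cpp
#include <cstddef>
#include <iostream>
#include <string>

// Added example, not jsoncpp code. Returns the deepest nesting of '[' or '{'
// found outside string literals, stopping early once `cap` is exceeded.
std::size_t maxNestingDepth(const std::string& text, std::size_t cap) {
    std::size_t depth = 0, deepest = 0;
    bool inString = false, escaped = false;
    for (char c : text) {
        if (inString) {
            // Brackets inside a string do not nest; track escapes so that
            // an escaped quote does not end the string early.
            if (escaped) escaped = false;
            else if (c == '\\') escaped = true;
            else if (c == '"') inString = false;
            continue;
        }
        switch (c) {
        case '"': inString = true; break;
        case '[': case '{':
            if (++depth > deepest) deepest = depth;
            if (deepest > cap) return deepest;  // already too deep, stop scanning
            break;
        case ']': case '}':
            if (depth > 0) --depth;  // unbalanced input is left for the parser to reject
            break;
        default: break;
        }
    }
    return deepest;
}

// Hypothetical gate: accept only input whose nesting stays within `limit`.
bool withinDepthLimit(const std::string& text, std::size_t limit = 512) {
    return maxNestingDepth(text, limit) <= limit;
}

int main() {
    // Constructed samples: ordinary JSON and a run of 1100 '[' characters.
    const std::string ordinary = "{\"k\": [1, [2, \"[[[\"]]}";
    const std::string nested(1100, '[');
    std::cout << "ordinary accepted: " << withinDepthLimit(ordinary) << "\n";
    std::cout << "nested accepted:   " << withinDepthLimit(nested) << "\n";
    return 0;
}
```

The guard is independent of the parser, so a caller handling untrusted input would still wrap the parse call in a handler for Json::RuntimeError.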