Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/libjson-java@3.2.0%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/libjson-java@3.2.0%2Bdfsg-2?distro=trixie
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-g6p1-25m8-hyak JSON-lib mishandles an unbalanced comment string util/JSONTokener.java in JSON-lib before 3.1.0 mishandles an unbalanced comment string. CVE-2024-47855
GHSA-wwcp-26wc-3fxm
VCID-tp9p-km7u-wbd5 Java: DoS Vulnerability in JSON-JAVA A denial of service vulnerability in JSON-Java was discovered by [ClusterFuzz](https://google.github.io/clusterfuzz/). A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used. There are two issues: (1) the parser bug can be used to circumvent a check that is supposed to prevent the key in a JSON object from itself being another JSON object; (2) if a key does end up being a JSON object then it gets converted into a string, using `\` to escape special characters, including `\` itself. So by nesting JSON objects, with a key that is a JSON object that has a key that is a JSON object, and so on, we can get an exponential number of `\` characters in the escaped string. CVE-2023-5072
GHSA-4jq9-2xhw-jpx7

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-03T07:28:58.657320+00:00 Debian Importer Fixing VCID-g6p1-25m8-hyak https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:28:58.610420+00:00 Debian Importer Fixing VCID-tp9p-km7u-wbd5 https://security-tracker.debian.org/tracker/data/json 38.1.0