joelittlejohn jsonschema2pojo Stack-Based Buffer Overflow Vulnerability
Vulnerability
A stack-based buffer overflow vulnerability has been identified in joelittlejohn jsonschema2pojo version 1.2.2. This issue arises in the JSON File Handler component, specifically within the 'apply' function of 'org/jsonschema2pojo/rules/SchemaRule.java'. The vulnerability requires local exploitation and can lead to a denial-of-service condition by causing a StackOverflowError.
Impact
Exploitation of this vulnerability causes a StackOverflowError, leading to a denial-of-service condition where the application fails to process requests due to excessive resource consumption.
Reproduction
To reproduce this vulnerability, use the jsonschema2pojo-maven-plugin version 1.2.2 with JDK 8u65. Process a JSON file that includes a reference to '#' within the 'definitions' section. This will trigger the vulnerability by causing a stack-based buffer overflow.
Remediation
A fix has been implemented in the latest version of jsonschema2pojo. Users should update to this version.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.