CVE-2026-29975
Denial of Service in lwjson Streaming JSON Parser
Publication date: 2026-05-08
Last updated on: 2026-05-08
Assigner: MITRE
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| majerle | lwjson | up to and including 1.8.1 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-835 | The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop. |
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability exists in lwjson version 1.8.1 within its streaming JSON parser component (lwjson_stream.c). It is caused by improper input validation related to how the parser detects the end of a JSON string.
Specifically, the parser incorrectly identifies escaped quote characters by only checking the immediately preceding character instead of counting consecutive backslashes. This flaw causes valid JSON strings that end with an escaped backslash (for example, "\\") to never properly terminate parsing.
As a result, a remote attacker can send well-formed JSON data that exploits this logic error to cause applications using the lwjson_stream_parse() function to hang indefinitely.
This leads to a denial of service condition.
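The two end-of-string rules described above, side by side, as an added illustration rather than lwjson's own code: a scanner that only looks at the byte before a quote, and one that counts the run of preceding backslashes. Function names and the sample inputs are constructed for this example; the lwjson trigger is the page's own `"\\"` case.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Both scanners take s starting at the opening '"' and look for the closing quote.
 * true: terminator found, index stored in *end_out. false: still waiting for more
 * bytes, which in a byte-at-a-time streaming parser is the hang the advisory describes. */

/* Flawed rule: a quote is escaped whenever the byte right before it is a backslash. */
static bool naive_string_end(const char *s, size_t len, size_t *end_out)
{
    for (size_t i = 1; i < len; ++i) {
        if (s[i] == '"' && s[i - 1] != '\\') { *end_out = i; return true; }
    }
    return false;
}

/* Corrected rule: count the run of consecutive backslashes before the quote;
 * an even run (0, 2, 4, ...) leaves the quote unescaped, an odd run escapes it. */
static bool counted_string_end(const char *s, size_t len, size_t *end_out)
{
    size_t run = 0; /* consecutive backslashes immediately before s[i] */
    for (size_t i = 1; i < len; ++i) {
        if (s[i] == '\\') { ++run; continue; }
        if (s[i] == '"' && run % 2 == 0) { *end_out = i; return true; }
        run = 0; /* any other byte breaks the run */
    }
    return false;
}

int main(void)
{
    /* Constructed inputs: the advisory's "\\" trigger plus two ordinary escaped strings. */
    const char *cases[] = { "\"\\\\\"", "\"a\\\"b\"", "\"\\\\\\\"x\"" };
    for (size_t c = 0; c < 3; ++c) {
        size_t len = strlen(cases[c]), n = 0, k = 0;
        printf("%-8s naive=%s counted=%s\n", cases[c],
               naive_string_end(cases[c], len, &n) ? "found" : "hang",
               counted_string_end(cases[c], len, &k) ? "found" : "hang");
    }
    return 0;
}
```

On the `"\\"` input the naive scanner never finds a terminator while the counting scanner stops at the closing quote; on ordinary strings such as `"a\"b"` both agree.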
How can this vulnerability impact me?
This vulnerability can impact you by causing applications that use the vulnerable lwjson streaming JSON parser to become unresponsive or hang indefinitely.
A remote attacker can exploit this by sending specially crafted JSON data, resulting in a denial of service (DoS) condition.
This can disrupt normal operations, potentially causing downtime or degraded service availability.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for applications using lwjson version 1.8.1 or earlier that process streaming JSON data. Specifically, detection involves identifying if the application hangs or becomes unresponsive when receiving JSON strings ending with an escaped backslash (e.g., {"a":"\\"}).
To detect exploitation attempts on your network, you can look for incoming JSON payloads containing strings that end with an escaped backslash, which may cause the parser to hang.
Suggested commands for detection include using network traffic inspection tools like tcpdump or Wireshark to filter JSON traffic and search for suspicious payloads:
- tcpdump -A -s 0 'tcp port 80 or tcp port 443' | grep -E '[^\\](\\\\)+"' (the pattern matches a quote preceded by an even, non-zero run of backslashes, i.e. a string value ending in an escaped backslash; traffic on port 443 is TLS-encrypted and cannot be inspected this way without decryption)
- Use application logs to identify hangs or crashes related to JSON parsing.
Additionally, testing the application with crafted JSON inputs that end with escaped backslashes can help confirm if the vulnerability is present.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include:
- Avoid processing untrusted JSON input that contains strings ending with escaped backslashes.
- Implement input validation or filtering to reject JSON payloads with potentially malicious strings that could trigger the parser hang.
- If possible, update or patch the lwjson library to a version where this vulnerability is fixed.
- Monitor application behavior for hangs or denial of service symptoms and restart affected services if necessary.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.