Software: CppCMS
Language: C++
Risk: medium
Type: stack buffer overflow

Description: The bug is in the JSON parsing code of CppCMS, specifically in the main loop of `parse_stream` in src/json.cpp:1082, `bool parse_stream(std::istream &in,value &out,bool force_eof,int &error_at_line)`. The loop does not bound the nesting depth of the document: every '[' pushes a new "array" state element onto the parser's stack, and nothing limits how many such elements may be pushed. A JSON input consisting of a sufficiently long run of '[' characters therefore makes the parser push one state per character until the process exhausts its stack and dies with a segmentation fault. The crash results from unbounded nesting depth rather than from a write past a fixed-size buffer, so the practical impact is a denial of service against any service that feeds attacker-supplied JSON to this parser; the usual remediation is to cap the nesting depth and reject input that exceeds the cap.
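The following is an added illustration, not CppCMS code: a small recursive-descent JSON parser (arrays, integers and null only) in which each '[' costs one level of nesting, so a run of N '[' characters consumes N stack frames exactly as the description above outlines. The `max_depth` parameter, the `Status` values and the `nested_arrays` input generator are assumptions for this example; CppCMS's real parser is structured differently and the page gives no details beyond the unbounded state pushes. With `max_depth == 0` the parser behaves like the vulnerable loop; with a positive limit it refuses deep input before the stack is consumed.

```cpp
#include <cstddef>
#include <iostream>
#include <string>

// Added example, not CppCMS code. Models the unbounded-nesting bug described
// in the report: every '[' recurses one level deeper, so an input of N '['
// characters consumes N frames on the native stack. max_depth == 0 means no
// limit (the vulnerable shape); max_depth > 0 is the hardened shape.
enum class Status { Ok, TooDeep, Syntax };

struct Parser {
    const char *p;
    const char *end;
    std::size_t max_depth;     // hypothetical limit; 0 = unbounded
    std::size_t deepest = 0;   // deepest nesting level actually reached

    void skip_ws() {
        while (p < end && (*p == ' ' || *p == '\n' || *p == '\t' || *p == '\r')) ++p;
    }

    Status value(std::size_t depth) {
        skip_ws();
        if (p >= end) return Status::Syntax;
        if (*p == '[') return array(depth + 1);
        if (*p == 'n' && end - p >= 4 && std::string(p, 4) == "null") { p += 4; return Status::Ok; }
        if (*p == '-' || (*p >= '0' && *p <= '9')) {
            if (*p == '-') ++p;
            if (p >= end || *p < '0' || *p > '9') return Status::Syntax;
            while (p < end && *p >= '0' && *p <= '9') ++p;
            return Status::Ok;
        }
        return Status::Syntax;
    }

    Status array(std::size_t depth) {
        if (depth > deepest) deepest = depth;
        // The check the vulnerable loop lacks: refuse to nest beyond the budget
        // before spending another stack frame on it.
        if (max_depth != 0 && depth > max_depth) return Status::TooDeep;
        ++p;                                   // consume '['
        skip_ws();
        if (p < end && *p == ']') { ++p; return Status::Ok; }
        for (;;) {
            Status s = value(depth);           // nested '[' recurses here
            if (s != Status::Ok) return s;
            skip_ws();
            if (p >= end) return Status::Syntax;
            if (*p == ',') { ++p; continue; }
            if (*p == ']') { ++p; return Status::Ok; }
            return Status::Syntax;
        }
    }
};

struct ParseResult { Status status; std::size_t deepest; };

ParseResult parse(const std::string &doc, std::size_t max_depth) {
    Parser ps{doc.data(), doc.data() + doc.size(), max_depth};
    Status s = ps.value(0);
    if (s == Status::Ok) { ps.skip_ws(); if (ps.p != ps.end) s = Status::Syntax; }
    return {s, ps.deepest};
}

// Constructed hostile document: n '[' characters followed by n ']' characters.
std::string nested_arrays(std::size_t n) {
    return std::string(n, '[') + std::string(n, ']');
}

int main() {
    // Bounded parser: a million-deep document is rejected after 65 frames.
    ParseResult r = parse(nested_arrays(1000000), 64);
    std::cout << "status=" << static_cast<int>(r.status) << " deepest=" << r.deepest << '\n';
    // The same call with max_depth 0 recurses a million times, which on a
    // default-sized thread stack ends in a segmentation fault; not run here.
    return 0;
}
```

The hardened form rejects the input as soon as depth 65 is reached, so the cost of a hostile document is bounded by the limit rather than by the input length; choose the limit from the stack budget of the thread that runs the parser, not from what "reasonable" documents look like.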

Status: published