CVE-2023-34612: 
Java vulnerability analysis and mitigation

An issue was discovered in ph-json through version 9.5.5 that allows attackers to cause a denial of service (DoS) or other unspecified impacts via crafted objects that use cyclic dependencies. The vulnerability was disclosed on June 14, 2023, and has been assigned CVE-2023-34612 (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The issue manifests when parsing untrusted JSON strings, where deeply nested arrays or JSON objects can trigger a stack overflow error. The vulnerability is classified as CWE-787 (Out-of-bounds Write) (NVD).

When exploited, this vulnerability can lead to denial of service conditions by causing the application to crash through stack overflow errors. The attack can be triggered by processing specially crafted JSON input with cyclic dependencies (GitHub Issue).

Two potential solutions have been suggested: 1) Adding a depth variable to record the current parsing depth and throwing an exception if it exceeds a certain threshold, similar to jackson-databind's approach, or 2) Changing the recursive processing on deeply nested arrays or JSON objects to stack+iteration processing, following GSON's solution (GitHub Issue).