CVE-2023-34616: 
Java vulnerability analysis and mitigation

An issue was discovered in pbjson through version 0.4.0 that allows attackers to cause a denial of service (DoS) or other unspecified impacts via crafted objects that use cyclic dependencies. The vulnerability was disclosed on June 14, 2023, and is tracked as CVE-2023-34616. The vulnerability affects all versions of pbjson up to and including version 0.4.0 (NVD).

The vulnerability is related to the JSON parsing functionality in pbjson and involves a stack overflow error when processing untrusted JSON strings. The issue occurs specifically when parsing deeply nested arrays or JSON objects, which can trigger recursive processing that leads to a stack overflow condition. The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating it can be exploited remotely without requiring privileges or user interaction (NVD, GitHub Issue).

When exploited, this vulnerability can lead to denial of service conditions by causing the application to crash through stack overflow errors. The impact is particularly severe as it requires no special privileges or user interaction to exploit, and can be triggered remotely by sending specially crafted JSON input to affected systems (NVD).

Two potential mitigation approaches have been suggested: 1) Adding a depth variable to record the current parsing depth and throwing an exception if it exceeds a certain threshold, similar to the jackson-databind solution, or 2) Changing the recursive processing on deeply nested arrays or JSON objects to stack+iteration processing, as implemented in GSON (GitHub Issue).