CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2022-31116 – Incorrect handling of invalid surrogate pair characters in ujson
https://notcve.org/view.php?id=CVE-2022-31116
UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Affected versions were found to improperly decode certain characters. JSON strings that contain escaped surrogate characters not part of a proper surrogate pair were decoded incorrectly. Besides corrupting strings, this allowed for potential key confusion and value overwriting in dictionaries. All users parsing JSON from untrusted sources are vulnerable. • https://github.com/ultrajson/ultrajson/commit/67ec07183342589d602e0fcf7bb1ff3e19272687 https://github.com/ultrajson/ultrajson/security/advisories/GHSA-wpqr-jcpx-745r https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NAU5N4A7EUK2AMUCOLYDD5ARXAJYZBD2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OPPU5FZP3LCTXYORFH7NHUMYA5X66IA7 https://access.redhat.com/security/cve/CVE-2022-31116 https://bugzilla.redhat.com/show_bug.cgi?id=2104740 • CWE-228: Improper Handling of Syntactically Invalid Structure CWE-670: Always-Incorrect Control Flow Implementation •
CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 0CVE-2022-31117 – Double free of buffer during string decoding in ujson
https://notcve.org/view.php?id=CVE-2022-31117
UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is impossible to trigger from Python. This issue has been resolved in version 5.4.0 and all users should upgrade to UltraJSON 5.4.0. There are no known workarounds for this issue. • https://github.com/ultrajson/ultrajson/commit/9c20de0f77b391093967e25d01fb48671104b15b https://github.com/ultrajson/ultrajson/security/advisories/GHSA-fm67-cv37-96ff https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NAU5N4A7EUK2AMUCOLYDD5ARXAJYZBD2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OPPU5FZP3LCTXYORFH7NHUMYA5X66IA7 https://access.redhat.com/security/cve/CVE-2022-31117 https://bugzilla.redhat.com/show_bug.cgi?id=2104739 • CWE-415: Double Free •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 3CVE-2021-45958
https://notcve.org/view.php?id=CVE-2021-45958
UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode). Exploitation can, for example, use a large amount of indentation. UltraJSON (también conocido como ujson) a través de 5.1.0 tiene un desbordamiento de búfer basado en pila en Buffer_AppendIndentUnchecked (llamado desde encode). La explotación puede, por ejemplo, utilizar una gran cantidad de sangría • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36009 https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ujson/OSV-2021-955.yaml https://github.com/ultrajson/ultrajson/issues/501 https://github.com/ultrajson/ultrajson/issues/502#issuecomment-1031747284 https://github.com/ultrajson/ultrajson/pull/504 https://lists.debian.org/debian-lts-announce/2022/02/msg00023.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CN7W3GOXALINKFUUE7ICQIC2EF5HNKUQ& • CWE-787: Out-of-bounds Write •