
CVE-2024-31755 – Ubuntu Security Notice USN-6784-1
https://notcve.org/view.php?id=CVE-2024-31755
26 Apr 2024 — cJSON v1.7.17 was discovered to contain a segmentation violation, which can be triggered through the second parameter of function cJSON_SetValuestring at cJSON.c. It was discovered that cJSON incorrectly handled certain input. An attacker could possibly use this issue to cause cJSON to crash, resulting in a denial of service. This issue only aff... • https://github.com/DaveGamble/cJSON/issues/839 • CWE-476: NULL Pointer Dereference

CVE-2023-50471 – Ubuntu Security Notice USN-6784-1
https://notcve.org/view.php?id=CVE-2023-50471
14 Dec 2023 — cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_InsertItemInArray at cJSON.c. It was discovered that cJSON incorrectly handled certain input. An attacker could possibly use this issue to cause cJSON to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 23.10. • https://github.com/DaveGamble/cJSON/issues/802 • CWE-476: NULL Pointer Dereference

CVE-2023-50472
https://notcve.org/view.php?id=CVE-2023-50472
14 Dec 2023 — cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_SetValuestring at cJSON.c. • https://github.com/DaveGamble/cJSON/issues/803 • CWE-476: NULL Pointer Dereference

CVE-2019-1010239
https://notcve.org/view.php?id=CVE-2019-1010239
19 Jul 2019 — DaveGamble/cJSON cJSON 1.7.8 is affected by: Improper Check for Unusual or Exceptional Conditions. The impact is: Null dereference, so an attack can cause denial of service. The component is: cJSON_GetObjectItemCaseSensitive() function. The attack vector is: crafted JSON file. The fixed version is: 1.7.9 and later. • https://github.com/DaveGamble/cJSON/commit/be749d7efa7c9021da746e685bd6dec79f9dd99b • CWE-476: NULL Pointer Dereference • CWE-754: Improper Check for Unusual or Exceptional Conditions

CVE-2019-11835
https://notcve.org/view.php?id=CVE-2019-11835
09 May 2019 — cJSON before 1.7.11 allows out-of-bounds access, related to multiline comments. • https://github.com/DaveGamble/cJSON/compare/c69134d...93688cb • CWE-125: Out-of-bounds Read • CWE-787: Out-of-bounds Write

CVE-2019-11834
https://notcve.org/view.php?id=CVE-2019-11834
09 May 2019 — cJSON before 1.7.11 allows out-of-bounds access, related to \x00 in a string literal. • https://github.com/DaveGamble/cJSON/compare/c69134d...93688cb • CWE-125: Out-of-bounds Read • CWE-787: Out-of-bounds Write

CVE-2016-10749
https://notcve.org/view.php?id=CVE-2016-10749
29 Apr 2019 — parse_string in cJSON.c in cJSON before 2016-10-02 has a buffer over-read, as demonstrated by a string that begins with a " character and ends with a \ character. • https://github.com/DaveGamble/cJSON/commit/94df772485c92866ca417d92137747b2e3b0a917 • CWE-125: Out-of-bounds Read

CVE-2018-1000215
https://notcve.org/view.php?id=CVE-2018-1000215
20 Aug 2018 — Dave Gamble cJSON version 1.7.6 and earlier contains a CWE-772 vulnerability in the cJSON library that can result in Denial of Service (DoS). This attack appears to be exploitable if the attacker can force the data to be printed while the system is low on memory, which can force a leak of memory. This vulnerability appears to have been fixed in 1.7.7. • https://github.com/DaveGamble/cJSON/issues/267 • CWE-772: Missing Release of Resource after Effective Lifetime

CVE-2018-1000216
https://notcve.org/view.php?id=CVE-2018-1000216
20 Aug 2018 — Dave Gamble cJSON version 1.7.2 and earlier contains a CWE-415: Double Free vulnerability in the cJSON library that can result in a possible crash or RCE. This attack appears to be exploitable when the attacker is able to force the victim to print JSON data; depending on how the cJSON library is used, this could be either local or over a network. This vulnerability appears to have been fixed in 1.7.3. • https://github.com/DaveGamble/cJSON/issues/241 • CWE-415: Double Free

CVE-2018-1000217
https://notcve.org/view.php?id=CVE-2018-1000217
20 Aug 2018 — Dave Gamble cJSON version 1.7.3 and earlier contains a CWE-416: Use After Free vulnerability in the cJSON library that can result in a possible crash, corruption of data or even RCE. Exploitability depends on how the application uses the cJSON library: if the application provides a network interface, it can be exploited over a network; otherwise only locally. This vulnerability appears to have been fixed in 1.7.4. • https://github.com/DaveGamble/cJSON/issues/248 • CWE-416: Use After Free