CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2019-11835
https://notcve.org/view.php?id=CVE-2019-11835
cJSON before 1.7.11 allows out-of-bounds access, related to multiline comments. cJSON, versiones anteriores a 1.7.11, permite el acceso fuera de límites, relacionado con los comentarios multilínea. • https://github.com/DaveGamble/cJSON/compare/c69134d...93688cb https://github.com/DaveGamble/cJSON/issues/338 https://github.com/DaveGamble/cJSON/releases/tag/v1.7.11 https://www.oracle.com/security-alerts/cpuoct2020.html • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2019-11834
https://notcve.org/view.php?id=CVE-2019-11834
cJSON before 1.7.11 allows out-of-bounds access, related to \x00 in a string literal. cJSON, versiones anteriores a 1.7.11, permite el acceso fuera de límites, relacionado con \x00 en un literal de cadena. • https://github.com/DaveGamble/cJSON/compare/c69134d...93688cb https://github.com/DaveGamble/cJSON/issues/337 https://github.com/DaveGamble/cJSON/releases/tag/v1.7.11 https://www.oracle.com/security-alerts/cpuoct2020.html • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2016-10749
https://notcve.org/view.php?id=CVE-2016-10749
parse_string in cJSON.c in cJSON before 2016-10-02 has a buffer over-read, as demonstrated by a string that begins with a " character and ends with a \ character. parse_string en cJSON.c en cJSON antes del 02/10/2016, tiene una sobre-lectura de búfer, como lo demuestra una cadena que comienza con un carácter " y termina con un carácter \. • https://github.com/DaveGamble/cJSON/commit/94df772485c92866ca417d92137747b2e3b0a917 https://github.com/DaveGamble/cJSON/issues/30 https://www.openwall.com/lists/oss-security/2016/11/07/2 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-1000217
https://notcve.org/view.php?id=CVE-2018-1000217
Dave Gamble cJSON version 1.7.3 and earlier contains a CWE-416: Use After Free vulnerability in cJSON library that can result in Possible crash, corruption of data or even RCE. This attack appear to be exploitable via Depends on how application uses cJSON library. If application provides network interface then can be exploited over a network, otherwise just local.. This vulnerability appears to have been fixed in 1.7.4. Dave Gamble cJSON en versiones 1.7.3 y anteriores contiene una vulnerabilidad CWE-416: Uso de memoria previamente liberada en la librería cJSON que puede resultar en un posible cierre inesperado, la corrupción de los datos o incluso un RCE. • https://github.com/DaveGamble/cJSON/issues/248 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1000215
https://notcve.org/view.php?id=CVE-2018-1000215
Dave Gamble cJSON version 1.7.6 and earlier contains a CWE-772 vulnerability in cJSON library that can result in Denial of Service (DoS). This attack appear to be exploitable via If the attacker can force the data to be printed and the system is in low memory it can force a leak of memory. This vulnerability appears to have been fixed in 1.7.7. Dave Gamble cJSON en versiones 1.7.6 y anteriores contiene una vulnerabilidad CWE-772 en la librería cJSON que puede resultar en una denegación de servicio (DoS). Este ataque parece ser explotable si el atacante puede forzar los datos que se van a imprimir y el sistema tiene poca memoria, en cuyo caso podría forzar una fuga de memoria. • https://github.com/DaveGamble/cJSON/issues/267 • CWE-772: Missing Release of Resource after Effective Lifetime •