CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2019-1010239
https://notcve.org/view.php?id=CVE-2019-1010239
DaveGamble/cJSON cJSON 1.7.8 is affected by: Improper Check for Unusual or Exceptional Conditions. The impact is: Null dereference, so attack can cause denial of service. The component is: cJSON_GetObjectItemCaseSensitive() function. The attack vector is: crafted json file. The fixed version is: 1.7.9 and later. cJSON versión 1.7.8 de DaveGamble/cJSON, está afectada por: Comprobación Inapropiada de Condiciones Inusuales o Excepcionales. • https://github.com/DaveGamble/cJSON/commit/be749d7efa7c9021da746e685bd6dec79f9dd99b https://github.com/DaveGamble/cJSON/issues/315 https://www.oracle.com/security-alerts/cpuoct2020.html • CWE-476: NULL Pointer Dereference CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2019-11835
https://notcve.org/view.php?id=CVE-2019-11835
cJSON before 1.7.11 allows out-of-bounds access, related to multiline comments. cJSON, versiones anteriores a 1.7.11, permite el acceso fuera de límites, relacionado con los comentarios multilínea. • https://github.com/DaveGamble/cJSON/compare/c69134d...93688cb https://github.com/DaveGamble/cJSON/issues/338 https://github.com/DaveGamble/cJSON/releases/tag/v1.7.11 https://www.oracle.com/security-alerts/cpuoct2020.html • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2019-11834
https://notcve.org/view.php?id=CVE-2019-11834
cJSON before 1.7.11 allows out-of-bounds access, related to \x00 in a string literal. cJSON, versiones anteriores a 1.7.11, permite el acceso fuera de límites, relacionado con \x00 en un literal de cadena. • https://github.com/DaveGamble/cJSON/compare/c69134d...93688cb https://github.com/DaveGamble/cJSON/issues/337 https://github.com/DaveGamble/cJSON/releases/tag/v1.7.11 https://www.oracle.com/security-alerts/cpuoct2020.html • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2016-10749
https://notcve.org/view.php?id=CVE-2016-10749
parse_string in cJSON.c in cJSON before 2016-10-02 has a buffer over-read, as demonstrated by a string that begins with a " character and ends with a \ character. parse_string en cJSON.c en cJSON antes del 02/10/2016, tiene una sobre-lectura de búfer, como lo demuestra una cadena que comienza con un carácter " y termina con un carácter \. • https://github.com/DaveGamble/cJSON/commit/94df772485c92866ca417d92137747b2e3b0a917 https://github.com/DaveGamble/cJSON/issues/30 https://www.openwall.com/lists/oss-security/2016/11/07/2 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1000215
https://notcve.org/view.php?id=CVE-2018-1000215
Dave Gamble cJSON version 1.7.6 and earlier contains a CWE-772 vulnerability in cJSON library that can result in Denial of Service (DoS). This attack appear to be exploitable via If the attacker can force the data to be printed and the system is in low memory it can force a leak of memory. This vulnerability appears to have been fixed in 1.7.7. Dave Gamble cJSON en versiones 1.7.6 y anteriores contiene una vulnerabilidad CWE-772 en la librería cJSON que puede resultar en una denegación de servicio (DoS). Este ataque parece ser explotable si el atacante puede forzar los datos que se van a imprimir y el sistema tiene poca memoria, en cuyo caso podría forzar una fuga de memoria. • https://github.com/DaveGamble/cJSON/issues/267 • CWE-772: Missing Release of Resource after Effective Lifetime •