CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2019-11835
https://notcve.org/view.php?id=CVE-2019-11835
09 May 2019 — cJSON before 1.7.11 allows out-of-bounds access, related to multiline comments. cJSON, versiones anteriores a 1.7.11, permite el acceso fuera de límites, relacionado con los comentarios multilínea. • https://github.com/DaveGamble/cJSON/compare/c69134d...93688cb • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2019-11834
https://notcve.org/view.php?id=CVE-2019-11834
09 May 2019 — cJSON before 1.7.11 allows out-of-bounds access, related to \x00 in a string literal. cJSON, versiones anteriores a 1.7.11, permite el acceso fuera de límites, relacionado con \x00 en un literal de cadena. • https://github.com/DaveGamble/cJSON/compare/c69134d...93688cb • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2016-10749
https://notcve.org/view.php?id=CVE-2016-10749
29 Apr 2019 — parse_string in cJSON.c in cJSON before 2016-10-02 has a buffer over-read, as demonstrated by a string that begins with a " character and ends with a \ character. parse_string en cJSON.c en cJSON antes del 02/10/2016, tiene una sobre-lectura de búfer, como lo demuestra una cadena que comienza con un carácter " y termina con un carácter \. • https://github.com/DaveGamble/cJSON/commit/94df772485c92866ca417d92137747b2e3b0a917 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-1000216
https://notcve.org/view.php?id=CVE-2018-1000216
20 Aug 2018 — Dave Gamble cJSON version 1.7.2 and earlier contains a CWE-415: Double Free vulnerability in cJSON library that can result in Possible crash or RCE. This attack appear to be exploitable via Attacker must be able to force victim to print JSON data, depending on how cJSON library is used this could be either local or over a network. This vulnerability appears to have been fixed in 1.7.3. Dave Gamble cJSON en versiones 1.7.2 y anteriores contiene una vulnerabilidad CWE-415: Doble liberación (double free) en la... • https://github.com/DaveGamble/cJSON/issues/241 • CWE-415: Double Free •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2018-1000217
https://notcve.org/view.php?id=CVE-2018-1000217
20 Aug 2018 — Dave Gamble cJSON version 1.7.3 and earlier contains a CWE-416: Use After Free vulnerability in cJSON library that can result in Possible crash, corruption of data or even RCE. This attack appear to be exploitable via Depends on how application uses cJSON library. If application provides network interface then can be exploited over a network, otherwise just local.. This vulnerability appears to have been fixed in 1.7.4. Dave Gamble cJSON en versiones 1.7.3 y anteriores contiene una vulnerabilidad CWE-416: U... • https://github.com/DaveGamble/cJSON/issues/248 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1000215
https://notcve.org/view.php?id=CVE-2018-1000215
20 Aug 2018 — Dave Gamble cJSON version 1.7.6 and earlier contains a CWE-772 vulnerability in cJSON library that can result in Denial of Service (DoS). This attack appear to be exploitable via If the attacker can force the data to be printed and the system is in low memory it can force a leak of memory. This vulnerability appears to have been fixed in 1.7.7. Dave Gamble cJSON en versiones 1.7.6 y anteriores contiene una vulnerabilidad CWE-772 en la librería cJSON que puede resultar en una denegación de servicio (DoS). Es... • https://github.com/DaveGamble/cJSON/issues/267 • CWE-772: Missing Release of Resource after Effective Lifetime •