1 results (0.001 seconds)
CVSS: 9.8EPSS: 5%CPEs: 6EXPL: 2
CVSS: 9.8EPSS: 5%CPEs: 6EXPL: 2CVE-2016-4303
https://notcve.org/view.php?id=CVE-2016-4303
26 Sep 2016 — The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a non-hex character in a JSON string, which triggers a heap-based buffer overflow. La función parse_string en cjson.c en la librería cJSON no maneja correctamente cadenas UTF8/16, lo que permite a atacantes remotos provocar una denegación de servicio (caída) o ejecutar código arbitrario a través de un carácter no hexadecimal en... • http://blog.talosintel.com/2016/06/esnet-vulnerability.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •