CVE-2018-1000217
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Dave Gamble cJSON version 1.7.3 and earlier contains a CWE-416: Use After Free vulnerability in cJSON library that can result in Possible crash, corruption of data or even RCE. This attack appear to be exploitable via Depends on how application uses cJSON library. If application provides network interface then can be exploited over a network, otherwise just local.. This vulnerability appears to have been fixed in 1.7.4.
Dave Gamble cJSON en versiones 1.7.3 y anteriores contiene una vulnerabilidad CWE-416: Uso de memoria previamente liberada en la librería cJSON que puede resultar en un posible cierre inesperado, la corrupción de los datos o incluso un RCE. El ataque parece ser explotable dependiendo del uso que le da la aplicación a la librería cJSON. Si la aplicación proporciona una interfaz de red, entonces se puede explotar a través de la red. En caso contrario, se ejecutaría de manera local. La vulnerabilidad parece haber sido solucionada en la versión 1.7.4.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-08-20 CVE Reserved
- 2018-08-20 CVE Published
- 2024-09-16 CVE Updated
- 2024-09-16 First Exploit
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-416: Use After Free
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/DaveGamble/cJSON/issues/248 | 2024-09-16 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cjson Project Search vendor "Cjson Project" | Cjson Search vendor "Cjson Project" for product "Cjson" | < 1.7.4 Search vendor "Cjson Project" for product "Cjson" and version " < 1.7.4" | - |
Affected
| ||||||