Lucene search

GoogleOSV:CVE-2023-50471

HistoryDec 14, 2023 - 8:15 p.m.

CVE-2023-50471

2023-12-1420:15:53

Google

osv.dev

cjson v1.7.16

segmentation violation

cjson_insertiteminarray

software

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

20.4%

JSON

cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_InsertItemInArray at cJSON.c.

CPENameOperatorVersion
cjsoneq1.7.14-r0
cjsoneq1.7.15-r3
cjsoneq1.7.16-r1
cjsoneq1.7.14-r1
cjsoneq1.7.15-r1
cjsoneq1.7.15-r0
cjsoneq1.7.15-r2
cjsoneq1.7.16-r0
cjsoneq1.7.15-r4

Name	Operator	Version
cjson	eq	1.7.14-r0
cjson	eq	1.7.15-r3
cjson	eq	1.7.16-r1
cjson	eq	1.7.14-r1
cjson	eq	1.7.15-r1
cjson	eq	1.7.15-r0
cjson	eq	1.7.15-r2
cjson	eq	1.7.16-r0
cjson	eq	1.7.15-r4

References

github.com/DaveGamble/cJSON/issues/802

lists.debian.org/debian-lts-announce/2023/12/msg00023.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EO4XCUTY3ZMVW4YBG6DBYVS5NSMNP6JY/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JSI3LL6ZNKYNM5JKPA5FKZTATL4MPF7V/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YQOQ7CAOYBNHGAMNOR7ELGLC22HV3ZQV/

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

20.4%

JSON

Related for OSV:CVE-2023-50471