
86 matches found

AstraLinux
added 2026/05/20 5:53 a.m. | 6 views

Astra Linux - vulnerability in cjson

In cJSON before version 1.7.18, parse_string has a heap-based buffer over-read issue, occurring through "1":1, without any trailing newline characters when cJSON_ParseWithLength is called...

CVSS 5.5 | AI score 5.9 | EPSS 0.00089
Exploits: 1 | References: 2

AstraLinux
added 2026/05/20 5:53 a.m. | 3 views

Astra Linux - vulnerability in cjson

In versions of cJSON 1.5.0 through 1.7.18, the decode_array_index_from_pointer function in cJSON_Utils.c allows for out-of-bounds access. This enables remote attackers to bypass array bounds checking and access restricted data through malformed JSON pointer strings containing alphanumeric characters...

CVSS 9.8 | AI score 5.8 | EPSS 0.00273
Exploits: 1 | References: 2

Tenable Nessus
added 2026/05/11 12:00 a.m. | 5 views

Unity Linux 20.1060e / 20.1070e Security Update: json-lib (UTSA-2026-017417)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017417 advisory. Apache Log4j2 2.0-beta9 through 2.15.0 excluding security releases 2.12.2, 2.12.3, and 2.3.1 JNDI features used in configuration, log messages, and parameters do not...

CVSS 10 | AI score 7.3 | EPSS 0.94358
Exploits: 341 | References: 4

Fedora
added 2026/03/28 12:19 a.m. | 7 views

[SECURITY] Fedora 44 Update: rubygem-json-2.19.2-1.fc44

This is an implementation of the JSON specification according to RFC 4627 in Ruby. You can think of it as a low fat alternative to XML, if you want to store data to disk or transmit it over a network rather than use a verbose markup language...

CVSS 9.1 | AI score 5.9 | EPSS 0.00038
Exploits: 0

CVE
added 2026/01/27 8:49 a.m. | 7 views

CVE-2026-24813

CVE-2026-24813 describes a NULL pointer dereference in abcz316/SKRoot-linuxKernelRoot, tied to the cJSON.Cpp component within the testRoot/jni/utils modules. The issue affects SKRoot-linuxKernelRoot. Reported impact indicates high potential for availability loss, with no reported confidentiality ...

CVSS 8.7 | AI score 5.9 | EPSS 0.00085
Exploits: 0 | References: 1

EUVD
added 2025/10/29 4:48 p.m. | 1 views

EUVD-2025-36675

Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.11.0, DecodeCiscat implementation does not check the return value of cJSON_GetObjectItem for a possible NULL value in case of an error. A compromised agent can cause a crash of analysisd by...

CVSS 6.9 | AI score 6.2 | EPSS 0.00075
Exploits: 0 | References: 1

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2015-2428

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.00283
Exploits: 0 | References: 4

EUVD
added 2025/10/03 8:07 p.m. | 1 views

EUVD-2024-34736

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.6 | EPSS 0.00028
Exploits: 1 | References: 1

OSV
added 2025/09/08 3:15 p.m. | 1 views

CVE-2025-40930

JSON::SIMD before version 1.07 and earlier for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact...

CVSS 7.5 | AI score 7.4
Exploits: 0 | References: 4

Positive Technologies
added 2025/09/08 12:00 a.m. | 2 views

PT-2025-36473

Name of the Vulnerable Software and Affected Versions: JSON::XS versions prior to 4.04 Description: JSON::XS, a Perl module, contains an integer buffer overflow that can lead to a segmentation fault when processing specially crafted JSON data. This issue may result in denial-of-service attacks...

CVSS 7.8 | AI score 6.8 | EPSS 0.00188
Exploits: 0 | References: 61

Tenable Nessus
added 2025/09/06 12:00 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-57052

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decode_array_index_from_pointer function in cJSON_Utils.c, allowing remote attackers to bypass array...

CVSS 9.8 | AI score 7.4 | EPSS 0.00273
Exploits: 1 | References: 2

OSV
added 2025/08/25 3:15 a.m. | 0 views

UBUNTU-CVE-2025-9403

A vulnerability was determined in jqlang jq up to 1.6. Impacted is the function run_jq_tests of the file jq_test.c of the component JSON Parser. Executing manipulation can lead to reachable assertion. The attack requires local access. The exploit has been publicly disclosed and may be utilized. Othe...

CVSS 5.5 | AI score 5.4 | EPSS 0.00037
Exploits: 1 | References: 6

OSV
added 2025/08/14 6:52 p.m. | 3 views

MAL-2025-12106 Malicious code in @zalastax/nolb-json-o (npm)

The package @zalastax/nolb-json-o was found to contain malicious code...

AI score 7.2
Exploits: 0

OSV
added 2025/08/14 6:52 p.m. | 2 views

MAL-2025-12111 Malicious code in @zalastax/nolb-json-t (npm)

The package @zalastax/nolb-json-t was found to contain malicious code...

AI score 7.2
Exploits: 0

OSV
added 2025/08/08 11:16 a.m. | 1 views

OESA-2025-1965 cjson security update

cJSON aims to be the dumbest possible parser that you can get your job done with. It's a single file of C, and a single header file. %package devel Summary: Development files for cJSON Requires: = - Requires: pkgconfig %description devel The cjson-devel package contains libraries and header files...

CVSS 2.9 | AI score 6.8 | EPSS 0.00052
Exploits: 1 | References: 2

OSV
added 2025/05/23 4:15 p.m. | 3 views

AZL-62005 CVE-2023-53154 affecting package apparmor for versions less than 3.0.4-5

parse_string in cJSON before 1.7.18 has a heap-based buffer over-read via "1":1, with no trailing newline if cJSON_ParseWithLength is called...

CVSS 5.5 | AI score 5.9 | EPSS 0.00089
Exploits: 1 | References: 1

OSV
added 2025/05/23 4:15 p.m. | 2 views

AZL-67455 CVE-2023-53154 affecting package apparmor for versions less than 3.1.7-1

parse_string in cJSON before 1.7.18 has a heap-based buffer over-read via "1":1, with no trailing newline if cJSON_ParseWithLength is called...

CVSS 5.5 | AI score 5.9 | EPSS 0.00089
Exploits: 1 | References: 1

SUSE CVE
added 2025/04/23 2:42 a.m. | 1 views

SUSE CVE-2023-26819

cJSON 1.7.15 might allow a denial of service via a crafted JSON document such as "a": true, "b": null,9999999999999999999999999999999999999999999999912345678901234567...

CVSS 2.9 | AI score 6.8 | EPSS 0.00052
Exploits: 1 | References: 4

OSV
added 2025/04/19 10:15 p.m. | 3 views

CVE-2023-30421

mystrtod in mjson 1.2.7 requires more than a billion iterations during processing of certain digit strings such as 8891110122900e913013935755114...

CVSS 2.9 | AI score 5.8
Exploits: 0 | References: 2

OSV
added 2025/04/19 10:15 p.m. | 1 views

DEBIAN-CVE-2023-26819

cJSON 1.7.15 might allow a denial of service via a crafted JSON document such as "a": true, "b": null,9999999999999999999999999999999999999999999999912345678901234567...

CVSS 2.9 | AI score 4.4 | EPSS 0.00052
Exploits: 1 | References: 1