
89 matches found

RedHat Linux
added 2024/01/30 1:28 p.m. · 4 views

libfastjson: integer overflow and out-of-bounds write via a large JSON file

A flaw was found in json-c. In printbuf_memappend, certain crafted values can overflow the memory, allowing an attacker to write past the memory boundary. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVSS 7.8 · AI score 6.4 · EPSS 0.01888
Exploits: 1 · References: 4
RedHat Linux
added 2024/01/10 1:30 p.m. · 0 views

JSON-java: parser confusion leads to OOM

A flaw was found in the org.json package. A bug in the parser exists, and an input string may lead to undefined usage of memory, leading to an out-of-memory error, causing a denial of service (DoS)...

CVSS 7.5 · AI score 6.7 · EPSS 0.01449
Exploits: 1 · References: 6
Microsoft CVE
added 2023/12/26 8:00 a.m. · 1 view

cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_InsertItemInArray at cJSON.c.

...

CVSS 7.5 · AI score 7 · EPSS 0.01508
Exploits: 1
OSV
added 2023/12/14 4:51 p.m. · 1 view

USN-6233-2 yajl vulnerabilities

USN-6233-1 fixed vulnerabilities in YAJL. This update provides the corresponding updates for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.04. Original advisory details: It was discovered that YAJL was not properly performing bounds checks when decoding a string with escape sequences. If a us...

CVSS 7.5 · AI score 6.7 · EPSS 0.03766
Exploits: 3 · References: 4
Ubuntu
added 2023/12/14 4:51 p.m. · 93 views

USN-6233-2: YAJL vulnerabilities

USN-6233-1 fixed vulnerabilities in YAJL. This update provides the corresponding updates for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.04. Original advisory details: It was discovered that YAJL was not properly performing bounds checks when decoding a string with escape sequences. If a us...

CVSS 7.5 · AI score 6.8 · EPSS 0.03766
Exploits: 3
RedHat Linux
added 2023/11/14 3:40 p.m. · 46 views

Moderate: Red Hat Security Advisory: yajl security update

An update for yajl is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...

CVSS 6.5 · AI score 6.6 · EPSS 0.01129
Exploits: 1 · References: 3
BDU FSTEC
added 2023/09/11 12:00 a.m. · 2 views

The vulnerability of the XML.toJSONObject component in the file and network operations library hutool-json allows an attacker to cause a service failure.

The vulnerability of the XML.toJSONObject component in the library for file processing and network operations in hutool-json is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to cause service failures...

CVSS 7.8 · AI score 7 · EPSS 0.01181
Exploits: 5 · References: 4 · Affected Software: 3
OSV
added 2023/08/22 7:16 p.m. · 1 view

UBUNTU-CVE-2021-32292

An issue was discovered in json-c from 20200420 (post-0.14 unreleased code) through 0.15-20200726. A stack-buffer-overflow exists in the auxiliary sample program json_parse which is located in the function parseit...

CVSS 9.8 · AI score 7.3 · EPSS 0.01071
Exploits: 1 · References: 4
Ubuntu
added 2023/07/18 1:31 p.m. · 400 views

USN-6233-1: YAJL vulnerabilities

It was discovered that YAJL was not properly performing bounds checks when decoding a string with escape sequences. If a user or automated system using YAJL were tricked into processing specially crafted input, an attacker could possibly use this issue to cause a denial of service application...

CVSS 7.5 · AI score 6.7 · EPSS 0.03766
Exploits: 3
vulnersOsv
added 2023/06/14 3:30 p.m. · 3 views

de.grobmeier.json:jjson-struts2 (>=0.0.4 <=0.0.9) potentially affected by CVE-2023-35110 via de.grobmeier.json:jjson (>=0.1.2 <=0.1.4)

de.grobmeier.json:jjson MAVEN version =0.1.2, =0.0.4, =0.0.9 Source cves: CVE-2023-35110 Source advisory: OSV:GHSA-75M3-F4HR-2VH9...

CVSS 7.5 · AI score 7.1 · EPSS 0.00772
Exploits: 1
OSV
added 2023/06/06 12:15 p.m. · 1 view

ALPINE-CVE-2023-33460

There's a memory leak in yajl 2.1.0 with use of the yajl_tree_parse function, which will cause out-of-memory in the server and cause a crash...

CVSS 6.5 · AI score 6.9 · EPSS 0.01129
Exploits: 1 · References: 1
Positive Technologies
added 2023/04/22 12:00 a.m. · 2 views

PT-2023-35790 · Org.Json · Org.Json

Name of the Vulnerable Software and Affected Versions: org.json affected versions not specified Description: The issue is related to a security exception in the org.json library. The crash occurs in the JSONArray.writeTo function, which is called by JSONStringer.value and JSONStringer.peek...

AI score 6.9
Exploits: 0 · References: 2
OSV
added 2023/01/31 10:15 p.m. · 1 view

CVE-2022-45494

Buffer overflow vulnerability in function json_parse_object in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to execute arbitrary code and gain escalated privileges...

CVSS 7.8 · AI score 6
Exploits: 0 · References: 4
IBM Security Bulletins
added 2023/01/03 3:55 p.m. · 47 views

Security Bulletin: Multiple vulnerabilities within Jackson JSON library affect IBM Business Automation Workflow (CVE-2017-17485, CVE-2018-5968, CVE-2018-7489)

Summary Multiple security vulnerabilities have been reported for Jackson JSON library that is used by IBM Business Automation Workflow. Vulnerability Details CVEID: CVE-2018-7489 DESCRIPTION: FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused ...

CVSS 9.8 · AI score 8.9 · EPSS 0.49952
Exploits: 1 · Affected Software: 5
Debian
added 2022/11/17 11:17 a.m. · 48 views

[SECURITY] [DSA 5283-1] jackson-databind security update

Debian Security Advisory DSA-5283-1 [email protected] https://www.debian.org/security/ Markus Koschany November 17, 2022 https://www.debian.org/security/faq -...

CVSS 7.5 · AI score 8.5 · EPSS 0.0486
Exploits: 4
IBM Security Bulletins
added 2022/09/15 7:26 p.m. · 43 views

Security Bulletin: Remote code execution vulnerability within Jackson JSON library affects IBM Business Process Manager (CVE-2017-7525)

Summary Due to a deserialization flaw within the Jackson JSON library, IBM Business Process Manager is vulnerable to a remote code execution vulnerability. Vulnerability Details CVEID: CVE-2017-7525 DESCRIPTION: A deserialization flaw within the Jackson JSON library in the readValue method of the...

CVSS 9.8 · AI score 9.6 · EPSS 0.37925
Exploits: 7 · Affected Software: 4
CNNVD
added 2022/09/09 12:00 a.m. · 4 views

OpenHarmony buffer error vulnerability

OpenHarmony is an open-source Hongmeng operating system project of China's OpenAtom Foundation. A buffer error vulnerability exists in OpenHarmony version v3.1.2 and earlier versions, which stems from an incorrect configuration of the cJSON library, resulting in a stack overflow...

CVSS 7.4 · AI score 7.6 · EPSS 0.00305
Exploits: 0 · References: 2
Positive Technologies
added 2022/09/09 12:00 a.m. · 4 views

PT-2022-23361 · Unknown +1 · Openharmony +1

Name of the Vulnerable Software and Affected Versions: OpenHarmony versions prior to 3.1.2 Description: The issue is caused by an incorrect configuration of the cJSON library, leading to a stack overflow vulnerability during recursive parsing. This allows LAN attackers to launch a Denial of Servi...

CVSS 7.4 · AI score 7.5 · EPSS 0.00305
Exploits: 0 · References: 5
ATTACKERKB
added 2022/09/06 7:44 a.m. · 3 views

CVE-2022-36423

OpenHarmony-v3.1.2 and prior versions have an incorrect configuration of the cJSON library, which leads to a stack overflow vulnerability during recursive parsing. LAN attackers can launch a DoS attack against all network devices...

CVSS 7.4 · AI score 7.2 · EPSS 0.00305
Exploits: 0 · References: 2
Tenable Nessus
added 2022/06/09 12:00 a.m. · 49 views

Apache APISIX < 2.13.0 Input Validation

The version of Apache APISIX installed on the remote host is prior to 2.13.0. It is, therefore, potentially affected by an input validation vulnerability. When decoding JSON with duplicate keys, lua-cjson will choose the last occurred value as the result. By passing a JSON with a duplicate key, t...

CVSS 9.8 · AI score 8.4 · EPSS 0.02384
Exploits: 0 · References: 3