298 matches found

CNNVD
added 2021/06/01 12:0 a.m. | 1 views

Github json-smart-v1 Buffer Error Vulnerability

Github json-smart-v1 is a Github open source application. Provides all non-indexed data in the data store as serialized JSON messages stored in the columns function. A security vulnerability exists in JSON Smart versions 1.3 and 2.4, which originates in the indexOf function of JSONParserByteArr...

7.5 CVSS | 6.5 AI score | 0.00108 EPSS
Exploits: 1 | References: 13
IBM Security Bulletins
added 2021/03/02 3:42 p.m. | 27 views

Security Bulletin: Android Mobile SDK compile builder includes vulnerable components

Summary: A third party JSON parser that Android Mobile SDK uses includes vulnerable components. The JSON parser is included in the compile builder provided to customers to compile their Mobile SDK manifest. It is not included within customer apps. Vulnerability Details: CVEID: CVE-2018-7489...

9.8 CVSS | 1.6 AI score | 0.36207 EPSS
Exploits: 8 | Affected Software: 1
NVD
added 2021/02/12 5:15 p.m. | 14 views

CVE-2021-22973

On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and all 12.1.x versions, JSON parser function does not protect against out-of-bounds memory accesses or writes. Note: Software versions which have reached End of Software Development Eo...

7.5 CVSS | 0.00647 EPSS
Exploits: 0 | References: 1
OSV
added 2021/02/12 5:15 p.m. | 0 views

CVE-2021-22973

On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and all 12.1.x versions, JSON parser function does not protect against out-of-bounds memory accesses or writes. Note: Software versions which have reached End of Software Development Eo...

7.5 CVSS | 5.8 AI score
Exploits: 0 | References: 1
Prion
added 2021/02/12 5:15 p.m. | 15 views

Default credentials

On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and all 12.1.x versions, JSON parser function does not protect against out-of-bounds memory accesses or writes. Note: Software versions which have reached End of Software Development Eo...

5 CVSS | 7.6 AI score | 0.00647 EPSS
Exploits: 0 | References: 1 | Affected Software: 10
CVE
added 2021/02/12 4:5 p.m. | 82 views

CVE-2021-22973

CVE-2021-22973 affects F5 BIG-IP; the JSON parser function does not protect against out-of-bounds memory accesses or writes. Affected BIG-IP branches/versions include 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and all 12.1.x versions. Root cause:...

7.5 CVSS | 7.6 AI score | 0.00647 EPSS
Exploits: 0 | References: 1 | Affected Software: 10
Cvelist
added 2021/02/12 4:5 p.m. | 17 views

CVE-2021-22973

On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and all 12.1.x versions, JSON parser function does not protect against out-of-bounds memory accesses or writes. Note: Software versions which have reached End of Software Development Eo...

7.8 AI score | 0.00647 EPSS
Exploits: 0 | References: 1
Tenable Nessus
added 2021/02/11 12:0 a.m. | 48 views

F5 Networks BIG-IP : iRules LX vulnerability (K13323323)

The version of F5 Networks BIG-IP installed on the remote host is prior to 12.1.5.3 / 13.1.3.5 / 14.1.3.1 / 15.1.2 / 16.0.1.1. It is, therefore, affected by a vulnerability as referenced in the K13323323 advisory. - On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before...

7.5 CVSS | 7.6 AI score | 0.00647 EPSS
Exploits: 0 | References: 2
Fedora
added 2021/01/17 1:20 a.m. | 84 views

[SECURITY] Fedora 32 Update: golang-github-buger-jsonparser-1.1.1-1.fc32

Alternative JSON parser for Go. It does not require you to know the structure of the payload e.g. create structs, and allows accessing fields by providing the path to them. It is up to 10 times faster than standard encoding/json package depending on payload size and usage, allocates no memory...

7.8 CVSS | 4.5 AI score | 0.00243 EPSS
Exploits: 1
OpenVAS
added 2021/01/17 12:0 a.m. | 16 views

Fedora: Security Advisory for golang-github-buger-jsonparser (FEDORA-2021-b670727349)

The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.8 CVSS | 7.6 AI score | 0.00243 EPSS
Exploits: 1 | References: 2
OpenVAS
added 2021/01/17 12:0 a.m. | 18 views

Fedora: Security Advisory for golang-github-buger-jsonparser (FEDORA-2021-5676f1be7d)

The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.8 CVSS | 7.6 AI score | 0.00243 EPSS
Exploits: 1 | References: 2
Veracode
added 2020/10/16 7:31 a.m. | 7 views

Arbitrary Code Execution

Fastjson is vulnerable to arbitrary code execution. A deserialization vulnerability exists within the JSON parser and allows the attacker to execute arbitrary code on the host OS...

6.2 AI score
Exploits: 0
Microsoft CVE
added 2020/08/18 7:0 a.m. | 1 views

The jv_dump_term function in jq 1.5 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted JSON file. This issue has been fixed in jq 1.6_rc1-r0.

...

7.8 CVSS | 7.8 AI score | 0.00995 EPSS
Exploits: 1
OSV
added 2020/06/26 12:0 a.m. | 11 views

OSV-2020-252 Global-buffer-overflow in json_tokener_parse_ex

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23619 Crash type: Global-buffer-overflow READ 4 Crash state: json_tokener_parse_ex tokener_parse_ex_fuzzer.cc...

7.2 AI score
Exploits: 0 | References: 1
CNVD
added 2020/05/15 12:0 a.m. | 1 views

Command Execution Vulnerability in Fastjson

Fastjson is an open source JSON parsing library, it can parse JSON format strings, support for Java Bean serialized to JSON strings, you can also deserialize from JSON strings to JavaBean. Fastjson has a command execution vulnerability that can be exploited by an attacker to gain server...

7.5 AI score
Exploits: 0
Fedora
added 2020/04/25 2:31 a.m. | 20 views

[SECURITY] Fedora 32 Update: golang-github-buger-jsonparser-0-0.9.20200406gitf7e751e.fc32

Alternative JSON parser for Go. It does not require you to know the structure of the payload e.g. create structs, and allows accessing fields by providing the path to them. It is up to 10 times faster than standard encoding/json package depending on payload size and usage, allocates no memory...

7.5 CVSS | 4.5 AI score | 0.00275 EPSS
Exploits: 1
OpenVAS
added 2020/04/19 12:0 a.m. | 22 views

Fedora: Security Advisory for golang-github-buger-jsonparser (FEDORA-2020-97e8a67945)

The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5 CVSS | 7.5 AI score | 0.00275 EPSS
Exploits: 1 | References: 2
Fedora
added 2020/04/15 8:34 p.m. | 28 views

[SECURITY] Fedora 31 Update: golang-github-buger-jsonparser-0-0.8.20200406gitf7e751e.fc31

Alternative JSON parser for Go. It does not require you to know the structure of the payload e.g. create structs, and allows accessing fields by providing the path to them. It is up to 10 times faster than standard encoding/json package depending on payload size and usage, allocates no memory...

7.5 CVSS | 4.5 AI score | 0.00275 EPSS
Exploits: 1
UbuntuCve
added 2020/03/03 3:15 p.m. | 19 views

CVE-2020-1892

Insufficient boundary checks when decoding JSON in JSONparser allows read access to out of bounds memory, potentially leading to information leak and DOS. This issue affects HHVM 4.45.0, 4.44.0, 4.43.0, 4.42.0, 4.41.0, 4.40.0, 4.39.0, versions between 4.33.0 and 4.38.0 inclusive, versions between...

8.1 CVSS | 7.1 AI score | 0.00611 EPSS
Exploits: 0 | References: 3
RedhatCVE
added 2019/03/11 11:49 a.m. | 23 views

CVE-2018-11793

When parsing a JSON payload with deeply nested JSON structures, the parser in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.1, 1.6.0 to 1.6.1, and 1.7.0 might overflow the stack due to unbounded recursion. A malicious actor can therefore cause a denial of service of Mesos masters...

7.5 CVSS | 3.6 AI score | 0.04871 EPSS
Exploits: 0 | References: 3