17 matches found

CNNVD
added 2026/05/27 12:0 a.m. | 4 views

UltraJSON Security Vulnerability

UltraJSON is an open-source, ultra-fast JSON encoder and decoder written in pure C language, and compatible with Python 3.7+. Versions of UltraJSON prior to 5.12.1 contained a security vulnerability. This vulnerability occurred when writing object-like data to a file using ujson.dump, where an...

CVSS 8.7 | AI score 5.8 | EPSS 0.00052
Exploits: 1 | References: 3

RedhatCVE
added 2026/03/20 7:0 a.m. | 1 views

CVE-2026-32875

A flaw was found in UltraJSON, a fast JSON encoder and decoder. This vulnerability allows a remote attacker to cause a denial of service (DoS) by providing a specially crafted large positive or negative indent value to the JSON serialization functions. This can lead to a buffer overflow, causing th...

CVSS 7.5 | AI score 6.1 | EPSS 0.00072
Exploits: 1 | References: 6

OSV
added 2026/03/20 2:16 a.m. | 1 views

UBUNTU-CVE-2026-32875

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Versions 5.10 through 5.11.0 are vulnerable to buffer overflow or infinite loop through large indent handling. ujson.dumps crashes the Python interpreter (segmentation fault) when the product of the indent...

CVSS 7.5 | AI score 6.1 | EPSS 0.00072
Exploits: 1 | References: 6

Debian CVE
added 2026/03/20 1:35 a.m. | 3 views

CVE-2026-32875

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Versions 5.10 through 5.11.0 are vulnerable to buffer overflow or infinite loop through large indent handling. ujson.dumps crashes the Python interpreter (segmentation fault) when the product of the indent...

CVSS 7.5 | AI score 5.8 | EPSS 0.00072
Exploits: 1

CVE
added 2026/03/20 1:35 a.m. | 21 views

CVE-2026-32875

CVE-2026-32875 affects UltraJSON (Python bindings) and is evidenced across multiple feeds (Fedora advisories, IBM bulletin). The vulnerability resides in versions 5.10–5.11.0 where large indent handling can trigger an integer overflow/underflow when calculating memory for indentation, leading to ...

CVSS 7.5 | AI score 6.1 | EPSS 0.00072
Exploits: 1 | References: 3 | Affected Software: 1

Vulnrichment
added 2026/03/20 1:35 a.m. | 0 views

CVE-2026-32875 UltraJSON has an integer overflow handling large indent leads to buffer overflow or infinite loop

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Versions 5.10 through 5.11.0 are vulnerable to buffer overflow or infinite loop through large indent handling. ujson.dumps crashes the Python interpreter (segmentation fault) when the product of the indent...

CVSS 7.5 | AI score 6.1 | EPSS 0.00072
Exploits: 1 | References: 3

Tenable Nessus
added 2026/03/20 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-32875

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Versions 5.10 through 5.11.0 are vulnerable to buffer overflow or...

CVSS 7.5 | AI score 6 | EPSS 0.00072
Exploits: 1 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2022-6438

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.7 | EPSS 0.00069
Exploits: 1 | References: 12

RedhatCVE
added 2025/05/22 9:9 p.m. | 2 views

CVE-2021-45958

UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in BufferAppendIndentUnchecked (called from encode). Exploitation can, for example, use a large amount of indentation...

CVSS 5.5 | AI score 7.3 | EPSS 0.00287
Exploits: 1

Tenable Nessus
added 2025/03/05 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2022-31116

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Affected versions were found to improperly decode certain...

CVSS 7.5 | AI score 7.1 | EPSS 0.00069
Exploits: 1 | References: 3

Tenable Nessus
added 2025/03/05 12:0 a.m. | 9 views

Linux Distros Unpatched Vulnerability : CVE-2022-31117

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. In versions prior to 5.4.0 an error occurring while reallocating a...

CVSS 5.9 | AI score 6.7 | EPSS 0.00173
Exploits: 0 | References: 3

Positive Technologies
added 2022/12/30 12:0 a.m. | 2 views

PT-2022-37586 · Ultrajson · Ultrajson

Name of the Vulnerable Software and Affected Versions: ultrajson (affected versions not specified)
Description: The issue concerns an integer overflow related to the len function. Additionally, there was a problem with ultrajson building on WebAssembly (e.g., pyodide) due to an outdated version of...

AI score 7.2
Exploits: 0 | References: 5

RedHat Linux
added 2022/12/07 7:19 p.m. | 3 views

python-ujson: improper decoding of escaped surrogate characters may lead to string corruption, key confusion or value overwriting

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Affected versions were found to improperly decode certain characters. JSON strings that contain escaped surrogate characters not part of a proper surrogate pair were decoded incorrectly. Besides corrupti...

CVSS 7.5 | AI score 7.3 | EPSS 0.00069
Exploits: 1 | References: 5

Vulnrichment
added 2022/07/05 5:35 p.m. | 2 views

CVE-2022-31116 Incorrect handling of invalid surrogate pair characters in ujson

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Affected versions were found to improperly decode certain characters. JSON strings that contain escaped surrogate characters not part of a proper surrogate pair were decoded incorrectly. Besides corrupti...

CVSS 7.5 | AI score 7.7 | EPSS 0.00069
Exploits: 1 | References: 4

CNNVD
added 2022/07/05 12:0 a.m. | 1 views

UltraJSON Security Vulnerability

UltraJSON is an open source, ultra-fast JSON encoder and decoder written in pure C and bundled with Python 3.7+. A security vulnerability exists in versions of UltraJSON prior to 5.4.0, which stems from an inability to properly decode certain characters, allowing for potential key obfuscation and...

CVSS 7.5 | AI score 7.3 | EPSS 0.00069
Exploits: 1 | References: 10

Positive Technologies
added 2022/07/05 12:0 a.m. | 2 views

PT-2022-3515 · Ultrajson +5 · Ultrajson +5

Name of the Vulnerable Software and Affected Versions: UltraJSON versions prior to 5.4.0
Description: The issue is related to the improper decoding of certain characters in JSON strings, specifically escaped surrogate characters not part of a proper surrogate pair. This can lead to string...

CVSS 9.4 | AI score 5.7 | EPSS 0.00287
Exploits: 2 | References: 52

OSV
added 2022/01/01 12:15 a.m. | 1 views

DEBIAN-CVE-2021-45958

UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in BufferAppendIndentUnchecked (called from encode). Exploitation can, for example, use a large amount of indentation...

CVSS 5.5 | AI score 6.7 | EPSS 0.00287
Exploits: 1 | References: 1