CVE-2022-31116

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Affected versions were found to improperly decode certain characters. JSON strings that contain escaped surrogate characters not part of a proper surrogate pair were decoded incorrectly. Besides corrupti...

CVE-2022-31116 Incorrect handling of invalid surrogate pair characters in ujson

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Affected versions were found to improperly decode certain characters. JSON strings that contain escaped surrogate characters not part of a proper surrogate pair were decoded incorrectly. Besides corrupti...

CVE-2022-31116

UltraJSON vulnerability (CVE-2022-31116) affects UltraJSON, a C-based JSON encoder/decoder with Python bindings. Affected versions improperly decoded escaped surrogate characters (surrogate pairs), enabling string corruption and potential key confusion or value overwriting when parsing JSON from ...

CVE-2022-31116

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Affected versions were found to improperly decode certain characters. JSON strings that contain escaped surrogate characters not part of a proper surrogate pair were decoded incorrectly. Besides corrupti...

CVE-2022-31117

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is...

CVE-2022-31117 Double free of buffer during string decoding in ujson

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is...

CVE-2022-31117

UltraJSON (ujson) has a vulnerability CVE-2022-31117: a double-free bug during buffer reallocation in string decoding. The issue is in the C-level decoder; due to UltraJSON’s internal design, this double free cannot be triggered from Python. The advisory details confirm the root cause and state n...

CVE-2022-31117

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is...

CVE-2022-31117 Double free of buffer during string decoding in ujson

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is...

PT-2022-20540 · Ultrajson +4 · Ultrajson +4

Name of the Vulnerable Software and Affected Versions: UltraJSON versions prior to 5.4.0 Description: The issue occurs when an error happens while reallocating a buffer for string decoding, causing the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is...

UltraJSON 安全漏洞

UltraJSON is an open source, ultra-fast JSON encoder and decoder written in pure C and bundled with Python 3.7+. A security vulnerability exists in versions of UltraJSON prior to 5.4.0, which stems from an inability to properly decode certain characters, allowing for potential key obfuscation and...

PT-2022-3515 · Ultrajson +5 · Ultrajson +5

Name of the Vulnerable Software and Affected Versions: UltraJSON versions prior to 5.4.0 Description: The issue is related to the improper decoding of certain characters in JSON strings, specifically escaped surrogate characters not part of a proper surrogate pair. This can lead to string...

UltraJSON 资源管理错误漏洞

UltraJSON is an open source, ultra-fast JSON encoder and decoder written in pure C and bundled with Python 3.7+. A resource management error vulnerability exists in versions of UltraJSON prior to 5.4.0, which stems from an error when reallocating a buffer for string decoding, which could cause th...

Updated python-ujson packages fix security vulnerability

UltraJSON aka ujson through 5.1.0 has a stack-based buffer overflow in BufferAppendIndentUnchecked called from encode. Exploitation can, for example, use a large amount of indentation. CVE-2021-45958...

Fedora: Security Advisory for python-ujson (FEDORA-2022-569b6b45e2)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 36 Update: python-ujson-5.2.0-1.fc36

UltraJSON is an ultra fast JSON encoder and decoder written in pure C with bindings for Python...

Fedora: Security Advisory for python-ujson (FEDORA-2022-dbf6e00ba8)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 36 Update: python-ujson-5.1.0-1.fc36

UltraJSON is an ultra fast JSON encoder and decoder written in pure C with bindings for Python...

Denial Of Service (DoS)

UltraJSON aka ujson through 5.1.0 has a stack-based buffer overflow in BufferAppendIndentUnchecked called from encode. Exploitation can, for example, use a large amount of indentation...

GHSA-FH56-85CW-5PQ6 UltraJSON vulnerable to Out-of-bounds Write

UltraJSON aka ujson 1.34 through 5.1.0 has a stack-based buffer overflow in BufferAppendIndentUnchecked called from encode...