75 matches found

AstraLinux
added 2026/05/20 5:53 a.m., 5 views

Astra Linux - vulnerability in redis

Redis is an in-memory database that persists data on disk. A specially crafted Lua script executed in Redis can trigger a heap overflow in the cjson library, leading to heap corruption and potentially remote code execution. This issue exists in all versions of Redis that support Lua scripting,...

CVSS 8.8 | AI score 7.1 | EPSS 0.45527
Exploits: 1 | References: 2

AstraLinux
added 2026/05/20 5:53 a.m., 2 views

Astra Linux - vulnerability in cjson

It has been discovered that cJSON v1.7.16 contains a segmentation violation due to the use of the cJSON_SetValuestring function in the cJSON.c file...

CVSS 7.5 | AI score 6.6 | EPSS 0.00096
Exploits: 1 | References: 2

Positive Technologies
added 2026/03/24 12:0 a.m., 2 views

PT-2026-27320

Name of the Vulnerable Software and Affected Versions: ncmdump versions prior to 1.4.0. Description: A NULL pointer dereference issue exists in taurusxin ncmdump within the src/utils modules, specifically related to the cJSON.Cpp program files. This can lead to unexpected behavior or program crashes...

CVSS 6.7 | AI score 5.8 | EPSS 0.00021
Exploits: 0 | References: 3

RedhatCVE
added 2026/01/09 12:16 p.m., 5 views

CVE-2018-1000216

Dave Gamble cJSON version 1.7.2 and earlier contains a CWE-415: Double Free vulnerability in cJSON library that can result in Possible crash or RCE. This attack appear to be exploitable via Attacker must be able to force victim to print JSON data, depending on how cJSON library is used this could...

CVSS 8.8 | AI score 6.6 | EPSS 0.00376
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 12:15 p.m., 6 views

CVE-2018-1000217

Dave Gamble cJSON version 1.7.3 and earlier contains a CWE-416: Use After Free vulnerability in cJSON library that can result in Possible crash, corruption of data or even RCE. This attack appear to be exploitable via Depends on how application uses cJSON library. If application provides network...

CVSS 9.8 | AI score 7.2 | EPSS 0.00397
Exploits: 1 | References: 1

RedHat Linux
added 2025/10/08 7:26 p.m., 4 views

cJSON: out-of-bounds access in decode_array_index_from_pointer() in cJSON_Utils.c via crafted JSON pointer strings

A flaw was found in the cJSON library. A specially crafted JSON pointer string can cause an out-of-bounds access in the decode_array_index_from_pointer function in the cJSON_Utils.c file due to improper array bounds checking, causing a crash to the application linked to the library and resulting in a...

CVSS 9.8 | AI score 5.7 | EPSS 0.00273
Exploits: 1 | References: 5

RedHat Linux
added 2025/10/08 7:24 p.m., 2 views

cJSON: out-of-bounds access in decode_array_index_from_pointer() in cJSON_Utils.c via crafted JSON pointer strings

A flaw was found in the cJSON library. A specially crafted JSON pointer string can cause an out-of-bounds access in the decode_array_index_from_pointer function in the cJSON_Utils.c file due to improper array bounds checking, causing a crash to the application linked to the library and resulting in a...

CVSS 9.8 | AI score 5.7 | EPSS 0.00273
Exploits: 1 | References: 5

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2016-5303

Malware in sbrugna...

CVSS 9.8 | AI score 9.1 | EPSS 0.07577
Exploits: 2 | References: 12

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2018-1887

Malware in sbrugna...

CVSS 9.8 | AI score 9.3 | EPSS 0.00397
Exploits: 1 | References: 2

EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2023-31821

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.5 | EPSS 0.00976
Exploits: 0 | References: 3

Rosalinux
added 2025/09/09 10:37 a.m., 6 views

Advisory ROSA-SA-2025-2978

software: cjson 1.7.18 WASP: ROSA-CHROME unaffected versions = cjson-1.7.18-2 affected versions cjson-1.7.18-2 CVE-ID: CVE-2023-26819 BDU-ID: None CVE-Crit: LOW CVE-DESC.: cJSON 1.7.15 may cause a denial of service when processing a specially generated JSON document, e.g.: "a": true, "b": null,...

CVSS 2.9 | AI score 4.4 | EPSS 0.00052
Exploits: 1

Microsoft CVE
added 2025/09/04 3:53 a.m., 6 views

Dave Gamble cJSON version 1.7.2 and earlier contains a CWE-415: Double Free vulnerability in cJSON library that can result in Possible crash or RCE. This attack appear to be exploitable via Attacker must be able to force victim to print JSON data, depending on how cJSON library is used this could be either local or over a network. This vulnerability appears to have been fixed in 1.7.3.

...

CVSS 8.8 | AI score 7 | EPSS 0.00376
Exploits: 1

Microsoft CVE
added 2025/09/04 2:47 a.m., 7 views

Dave Gamble cJSON version 1.7.3 and earlier contains a CWE-416: Use After Free vulnerability

...

CVSS 9.8 | AI score 7 | EPSS 0.00397
Exploits: 1

CVE
added 2025/09/03 12:0 a.m., 25 views

CVE-2025-57052

CVE-2025-57052 affects cJSON versions 1.5.0–1.7.18. The vulnerability arises from an out-of-bounds access in the function decode_array_index_from_pointer (cJSON_Utils.c), enabling manipulation via crafted JSON pointer strings. Connected advisories confirm impact across multiple distributions and ...

CVSS 9.8 | AI score 6.5 | EPSS 0.00273
Exploits: 1 | References: 2 | Affected Software: 1

AlpineLinux
added 2025/05/23 4:15 p.m., 3 views

CVE-2023-53154

parse_string in cJSON before 1.7.18 has a heap-based buffer over-read via "1":1, with no trailing newline if cJSON_ParseWithLength is called...

CVSS 5.5 | AI score 6.5 | EPSS 0.00089
Exploits: 1 | References: 3

Vulnrichment
added 2025/05/23 12:0 a.m., 5 views

CVE-2023-53154

parse_string in cJSON before 1.7.18 has a heap-based buffer over-read via "1":1, with no trailing newline if cJSON_ParseWithLength is called...

CVSS 2.9 | AI score 4 | EPSS 0.00089
Exploits: 1 | References: 2

RedHat Linux
added 2025/01/27 1:43 a.m., 1 views

redis: heap overflow in the lua cjson and cmsgpack libraries

A heap-based buffer overflow flaw was found in Redis. This flaw allows a local authenticated attacker user or attacker to execute a specially crafted Lua script in Redis. This attack triggers a heap overflow in the cjson and cmsgpack libraries, resulting in heap corruption and potential remote co...

CVSS 8.8 | AI score 7.8 | EPSS 0.45527
Exploits: 1 | References: 6

OSV
added 2024/10/25 11:9 a.m., 3 views

OESA-2024-2303 cjson security update

cJSON aims to be the dumbest possible parser that you can get your job done with. It's a single file of C, and a single header file. %package devel Summary: Development files for cJSON Requires: = - Requires: pkgconfig %description devel The cjson-devel package contains libraries and header files...

CVSS 7.5 | AI score 7.4 | EPSS 0.00224
Exploits: 2 | References: 3

OSV
added 2024/08/22 7:44 p.m., 21 views

BIT-VALKEY-2022-24834 Heap overflow issue with the Lua cjson library used by Redis

Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and result with heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support,...

CVSS 8.8 | AI score 8.1 | EPSS 0.45527
Exploits: 1 | References: 5

OSV
added 2024/08/22 7:27 p.m., 22 views

BIT-KEYDB-2022-24834 Heap overflow issue with the Lua cjson library used by Redis

Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and result with heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support,...

CVSS 8.8 | AI score 8.1 | EPSS 0.45527
Exploits: 1 | References: 5