75 matches found

OSV
added 2023/07/13 3:15 p.m. | 6 views

AZL-27477 CVE-2022-24834 affecting package redis for versions less than 6.2.13-2

Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and result with heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support,...

CVSS 8.8 | AI score 7 | EPSS 0.4292
Exploits: 1 | References: 1

OSV
added 2023/07/13 3:15 p.m. | 3 views

ALPINE-CVE-2022-24834

Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and result with heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support,...

CVSS 8.8 | AI score 8 | EPSS 0.4292
Exploits: 1 | References: 1

Prion
added 2023/07/13 3:15 p.m. | 49 views

Null pointer dereference

Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and result with heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support,...

CVSS 6.5 | AI score 8.7 | EPSS 0.4292
Exploits: 1 | References: 4 | Affected Software: 2

OSV
added 2023/07/13 2:35 p.m. | 41 views

CVE-2022-24834 Heap overflow issue with the Lua cjson library used by Redis

Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and result with heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support,...

CVSS 7 | AI score 6.9 | EPSS 0.4292
Exploits: 1 | References: 6

AlpineLinux
added 2023/07/13 2:35 p.m. | 43 views

CVE-2022-24834

Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and result with heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support,...

CVSS 8.8 | AI score 8.2 | EPSS 0.4292
Exploits: 1

Prion
added 2023/03/15 10:15 p.m. | 15 views

Memory corruption

OpenSIPS, a Session Initiation Protocol (SIP) server implementation, has a memory leak starting in the 2.3 branch and prior to versions 3.1.8 and 3.2.5. The memory leak was detected in the function parsemirequest while performing coverage-guided fuzzing. This issue can be reproduced by sending...

CVSS 5 | AI score 7.5 | EPSS 0.00767
Exploits: 0 | References: 3 | Affected Software: 1

Vulnrichment
added 2023/03/15 9:52 p.m. | 8 views

CVE-2023-28096 OpenSIPS has memory leak in cJSON lib

OpenSIPS, a Session Initiation Protocol (SIP) server implementation, has a memory leak starting in the 2.3 branch and prior to versions 3.1.8 and 3.2.5. The memory leak was detected in the function parsemirequest while performing coverage-guided fuzzing. This issue can be reproduced by sending...

CVSS 4.5 | AI score 7.6 | EPSS 0.00767
Exploits: 0 | References: 3

Cvelist
added 2023/03/15 9:52 p.m. | 18 views

CVE-2023-28096 OpenSIPS has memory leak in cJSON lib

OpenSIPS, a Session Initiation Protocol (SIP) server implementation, has a memory leak starting in the 2.3 branch and prior to versions 3.1.8 and 3.2.5. The memory leak was detected in the function parsemirequest while performing coverage-guided fuzzing. This issue can be reproduced by sending...

CVSS 4.5 | AI score 7.8 | EPSS 0.00767
Exploits: 0 | References: 3

NVD
added 2022/09/09 3:15 p.m. | 13 views

CVE-2022-36423

OpenHarmony-v3.1.2 and prior versions have an incorrect configuration of the cJSON library, which leads a Stack overflow vulnerability during recursive parsing. LAN attackers can lead a DoS attack to all network devices...

CVSS 7.4 | EPSS 0.00305
Exploits: 0 | References: 1

CVE
added 2022/09/09 2:39 p.m. | 51 views

CVE-2022-36423

OpenHarmony v3.1.2 and earlier are affected by a stack overflow when parsing with a misconfigured cJSON library. This enables LAN attackers to cause denial of service on network devices. Root cause: incorrect cJSON configuration; affected component is the library used during recursive parsing. Im...

CVSS 7.4 | AI score 7.5 | EPSS 0.00305
Exploits: 0 | References: 1 | Affected Software: 2

Cvelist
added 2022/09/09 2:39 p.m. | 13 views

CVE-2022-36423 Incorrect configuration of the cJSON library lead a Stack overflow vulnerability during recursive parsing. LAN attackers can lead a DoS attack to all network devices.

OpenHarmony-v3.1.2 and prior versions have an incorrect configuration of the cJSON library, which leads a Stack overflow vulnerability during recursive parsing. LAN attackers can lead a DoS attack to all network devices...

CVSS 7.4 | AI score 7.7 | EPSS 0.00305
Exploits: 0 | References: 1

OSV
added 2019/05/09 5:29 a.m. | 4 views

DEBIAN-CVE-2019-11834

cJSON before 1.7.11 allows out-of-bounds access, related to \x00 in a string literal...

CVSS 9.8 | AI score 9.1 | EPSS 0.02521
Exploits: 1 | References: 1

UbuntuCve
added 2018/08/20 8:29 p.m. | 17 views

CVE-2018-1000217

Dave Gamble cJSON version 1.7.3 and earlier contains a CWE-416: Use After Free vulnerability in cJSON library that can result in Possible crash, corruption of data or even RCE. This attack appear to be exploitable via Depends on how application uses cJSON library. If application provides network...

CVSS 9.8 | AI score 7.1 | EPSS 0.01753
Exploits: 1 | References: 3

OSV
added 2018/08/20 8:29 p.m. | 15 views

CVE-2018-1000217

Dave Gamble cJSON version 1.7.3 and earlier contains a CWE-416: Use After Free vulnerability in cJSON library that can result in Possible crash, corruption of data or even RCE. This attack appear to be exploitable via Depends on how application uses cJSON library. If application provides network...

CVSS 9.8 | AI score 7.2
Exploits: 0 | References: 1

Prion
added 2018/08/20 8:29 p.m. | 19 views

Double free

Dave Gamble cJSON version 1.7.2 and earlier contains a CWE-415: Double Free vulnerability in cJSON library that can result in Possible crash or RCE. This attack appear to be exploitable via Attacker must be able to force victim to print JSON data, depending on how cJSON library is used this could...

CVSS 6.8 | AI score 8.5 | EPSS 0.01471
Exploits: 1 | References: 1 | Affected Software: 1

Prion
added 2018/08/20 8:29 p.m. | 16 views

Design/Logic Flaw

Dave Gamble cJSON version 1.7.3 and earlier contains a CWE-416: Use After Free vulnerability in cJSON library that can result in Possible crash, corruption of data or even RCE. This attack appear to be exploitable via Depends on how application uses cJSON library. If application provides network...

CVSS 7.5 | AI score 9.7 | EPSS 0.01753
Exploits: 1 | References: 1 | Affected Software: 1

NVD
added 2018/08/20 8:29 p.m. | 12 views

CVE-2018-1000216

Dave Gamble cJSON version 1.7.2 and earlier contains a CWE-415: Double Free vulnerability in cJSON library that can result in Possible crash or RCE. This attack appear to be exploitable via Attacker must be able to force victim to print JSON data, depending on how cJSON library is used this could...

CVSS 8.8 | AI score 8.6 | EPSS 0.01471
Exploits: 1 | References: 1

NVD
added 2018/08/20 8:29 p.m. | 12 views

CVE-2018-1000217

Dave Gamble cJSON version 1.7.3 and earlier contains a CWE-416: Use After Free vulnerability in cJSON library that can result in Possible crash, corruption of data or even RCE. This attack appear to be exploitable via Depends on how application uses cJSON library. If application provides network...

CVSS 9.8 | AI score 9.8 | EPSS 0.01753
Exploits: 1 | References: 1

NVD
added 2018/08/20 8:29 p.m. | 10 views

CVE-2018-1000215

Dave Gamble cJSON version 1.7.6 and earlier contains a CWE-772 vulnerability in cJSON library that can result in Denial of Service DoS. This attack appear to be exploitable via If the attacker can force the data to be printed and the system is in low memory it can force a leak of memory. This...

CVSS 7.5 | AI score 7.5 | EPSS 0.01677
Exploits: 0 | References: 1

Prion
added 2018/08/20 8:29 p.m. | 11 views

Design/Logic Flaw

Dave Gamble cJSON version 1.7.6 and earlier contains a CWE-772 vulnerability in cJSON library that can result in Denial of Service DoS. This attack appear to be exploitable via If the attacker can force the data to be printed and the system is in low memory it can force a leak of memory. This...

CVSS 5 | AI score 7.5 | EPSS 0.01677
Exploits: 0 | References: 1 | Affected Software: 1