
72 matches found

NVD
added 2025/09/03 3:15 p.m., views: 1

CVE-2025-57052

cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decode_array_index_from_pointer function in cJSON_Utils.c, allowing remote attackers to bypass array bounds checking and access restricted data via malformed JSON pointer strings containing alphanumeric characters...

CVSS: 9.8, EPSS: 0.00668
Exploits: 1, References: 2
CNNVD
added 2025/09/03 12:0 a.m., views: 2

cJSON Security Vulnerability

cJSON is a lightweight open source JSON parser from the individual developer Dave Gamble. A security vulnerability exists in cJSON version 1.7.18 and earlier, which stems from an out-of-bounds access vulnerability in the decode_array_index_from_pointer function that could lead to bypassing array boun...

CVSS: 9.8, AI score: 6.3, EPSS: 0.00668
Exploits: 1, References: 1
Snyk
added 2025/09/03 12:0 a.m., views: 3

Improper Validation of Array Index

Overview: Affected versions of this package are vulnerable to Improper Validation of Array Index via the decode_array_index_from_pointer function when processing crafted JSON pointer strings. An attacker can cause a denial of service and unexpected behavior by supplying inputs with non-digit character...

CVSS: 9.8, AI score: 6.8, EPSS: 0.00668
Exploits: 1, References: 2
Rosalinux
added 2025/08/06 8:31 a.m., views: 3

Advisory ROSA-SA-2025-2952

software: cjson 1.7.18 WASP: ROSA-CHROME unaffected versions = cjson-1.7.18-1 affected versions cjson-1.7.18-1 CVE-ID: CVE-2023-53154 BDU-ID: None CVE-Crit: LOW CVE-DESC.: cJSON: Buffer overflow vulnerability on read from heap via parsestring function. CVE-STATUS: Vulnerability has been resolved...

CVSS: 5.5, AI score: 6.5, EPSS: 0.00221
Exploits: 1
RedHat Linux
added 2025/06/26 4:6 p.m., views: 3

cjson: segmentation violation in function cJSON_InsertItemInArray

A flaw was discovered in the cJSON package. Certain input conditions may trigger a null pointer dereference, which can lead to a denial of service...

CVSS: 7.5, AI score: 5.8, EPSS: 0.01508
Exploits: 1, References: 4
Tenable Nessus
added 2025/06/16 12:0 a.m., views: 4

TencentOS Server 4: cjson (TSSA-2024:0945)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0945 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

CVSS: 7.6, AI score: 7.3, EPSS: 0.00648
Exploits: 1, References: 2
RedHat Linux
added 2025/06/12 2:51 p.m., views: 4

cjson: segmentation violation trigger through the second parameter of function cJSON_SetValuestring at cJSON.c

A flaw was found in cJSON. This issue contains a segmentation violation, which can trigger through the second parameter of the cJSON_SetValuestring function at cJSON.c...

CVSS: 7.6, AI score: 5.7, EPSS: 0.00648
Exploits: 1, References: 6
OSV
added 2025/05/23 4:15 p.m., views: 2

DEBIAN-CVE-2023-53154

parse_string in cJSON before 1.7.18 has a heap-based buffer over-read via {"1":1, with no trailing newline if cJSON_ParseWithLength is called...

CVSS: 5.5, AI score: 4.8, EPSS: 0.00221
Exploits: 1, References: 1
NVD
added 2025/05/23 4:15 p.m., views: 8

CVE-2023-53154

parse_string in cJSON before 1.7.18 has a heap-based buffer over-read via {"1":1, with no trailing newline if cJSON_ParseWithLength is called...

CVSS: 5.5, EPSS: 0.00221
Exploits: 1, References: 3
OSV
added 2025/05/23 4:15 p.m., views: 7

CVE-2023-53154

parse_string in cJSON before 1.7.18 has a heap-based buffer over-read via {"1":1, with no trailing newline if cJSON_ParseWithLength is called...

CVSS: 5.5, AI score: 7
Exploits: 0, References: 3
Cvelist
added 2025/05/23 12:0 a.m., views: 8

CVE-2023-53154

parse_string in cJSON before 1.7.18 has a heap-based buffer over-read via {"1":1, with no trailing newline if cJSON_ParseWithLength is called...

CVSS: 2.9, EPSS: 0.00221
Exploits: 1, References: 2
Positive Technologies
added 2025/05/23 12:0 a.m., views: 2

PT-2025-22802

Name of the Vulnerable Software and Affected Versions: cJSON versions prior to 1.7.18. Description: The issue is related to a heap-based buffer over-read in the parse_string function of the cJSON library. This occurs when cJSON_ParseWithLength is called with a JSON string that has no trailing newlin...

CVSS: 5.5, AI score: 5.9, EPSS: 0.00221
Exploits: 1, References: 23
CVE
added 2025/05/23 12:0 a.m., views: 95

CVE-2023-53154

CVE-2023-53154 affects the cJSON JSON parser. A heap-based buffer over-read occurs in parse_string when parsing input like {"1":1, with no trailing newline, using cJSON_ParseWithLength; vulnerable in versions before 1.7.18. Distributed advisories note the issue and recommend upgrading to a patche...

CVSS: 5.5, AI score: 4.1, EPSS: 0.00221
Exploits: 1, References: 3, Affected Software: 1
RedhatCVE
added 2025/05/22 1:13 p.m., views: 4

CVE-2018-1000215

Dave Gamble cJSON version 1.7.6 and earlier contains a CWE-772 vulnerability in cJSON library that can result in Denial of Service DoS. This attack appear to be exploitable via If the attacker can force the data to be printed and the system is in low memory it can force a leak of memory. This...

CVSS: 7.5, AI score: 6.8, EPSS: 0.01677
Exploits: 0, References: 1
RedhatCVE
added 2025/05/22 10:10 a.m., views: 7

CVE-2019-1010239

DaveGamble/cJSON cJSON 1.7.8 is affected by: Improper Check for Unusual or Exceptional Conditions. The impact is: Null dereference, so attack can cause denial of service. The component is: cJSON_GetObjectItemCaseSensitive function. The attack vector is: crafted json file. The fixed version is: 1.7...

CVSS: 7.5, AI score: 6.9, EPSS: 0.02418
Exploits: 1, References: 1
NVD
added 2025/04/19 10:15 p.m., views: 16

CVE-2023-26819

cJSON 1.7.15 might allow a denial of service via a crafted JSON document such as "a": true, "b": null,9999999999999999999999999999999999999999999999912345678901234567...

CVSS: 2.9, EPSS: 0.00196
Exploits: 1, References: 2
OSV
added 2025/04/19 10:15 p.m., views: 10

CVE-2023-26819

cJSON 1.7.15 might allow a denial of service via a crafted JSON document such as "a": true, "b": null,9999999999999999999999999999999999999999999999912345678901234567...

CVSS: 2.9, AI score: 6.8
Exploits: 0, References: 2
Cvelist
added 2025/04/19 12:0 a.m., views: 13

CVE-2023-26819

cJSON 1.7.15 might allow a denial of service via a crafted JSON document such as "a": true, "b": null,9999999999999999999999999999999999999999999999912345678901234567...

CVSS: 2.9, EPSS: 0.00196
Exploits: 1, References: 1
CVE
added 2025/04/19 12:0 a.m., views: 78

CVE-2023-26819

CVE-2023-26819 affects the cJSON library (v1.7.15) and can cause a denial of service when parsing crafted JSON like {"a": true, "b": [null, 9999...}] with extremely large numbers. Public advisories (Ubuntu USN-7973-1; Debian DLA-4216) confirm vulnerable package versions and provide fixes in subse...

CVSS: 2.9, AI score: 6.9, EPSS: 0.00196
Exploits: 1, References: 2, Affected Software: 1
Vulnrichment
added 2025/04/19 12:0 a.m., views: 7

CVE-2023-26819

cJSON 1.7.15 might allow a denial of service via a crafted JSON document such as "a": true, "b": null,9999999999999999999999999999999999999999999999912345678901234567...

CVSS: 2.9, AI score: 3.9, EPSS: 0.00196
Exploits: 1, References: 1