72 matches found
PT-2019-12517 · Cjson · Cjson
Name of the Vulnerable Software and Affected Versions: cJSON versions prior to 1.7.11. Description: The issue allows out-of-bounds access, related to \x00 in a string literal. Recommendations: For versions prior to 1.7.11, update to version 1.7.11 or later to resolve the issue...
PT-2019-7545 · Cjson · Cjson
Name of the Vulnerable Software and Affected Versions: cJSON versions prior to 2016-10-02. Description: The issue is related to a buffer over-read in the parse_string function in cJSON.c. This occurs when processing a string that starts with a " character and ends with a \ character. Recommendations...
Dave Gamble cJSON Denial of Service Vulnerability
Dave Gamble cJSON is a lightweight JSON format parser. A security vulnerability exists in the cJSON library in Dave Gamble cJSON 1.7.6 and earlier versions. An attacker can exploit this vulnerability to cause a denial of service memory leak...
DEBIAN-CVE-2018-1000215
Dave Gamble cJSON version 1.7.6 and earlier contains a CWE-772 vulnerability in the cJSON library that can result in Denial of Service (DoS). This attack appears to be exploitable if the attacker can force the data to be printed while the system is low on memory, which can force a memory leak. This...
AZL-41848 CVE-2018-1000216 affecting package libglvnd for versions less than 1.7.0-2
Dave Gamble cJSON version 1.7.2 and earlier contains a CWE-415: Double Free vulnerability in the cJSON library that can result in a possible crash or RCE. This attack appears to be exploitable if the attacker is able to force the victim to print JSON data; depending on how the cJSON library is used this could...
UBUNTU-CVE-2018-1000215
Dave Gamble cJSON version 1.7.6 and earlier contains a CWE-772 vulnerability in the cJSON library that can result in Denial of Service (DoS). This attack appears to be exploitable if the attacker can force the data to be printed while the system is low on memory, which can force a memory leak. This...
PT-2018-9385 · Dave Gamble · Cjson
Name of the Vulnerable Software and Affected Versions: cJSON versions 1.7.3 and earlier. Description: The issue is related to a Use After Free problem in the cJSON library, which can lead to a crash, data corruption, or even Remote Code Execution (RCE). The exploitability depends on how the...
PT-2018-9384 · Dave Gamble · Cjson
Name of the Vulnerable Software and Affected Versions: cJSON versions 1.7.2 and earlier. Description: The issue is related to a Double Free vulnerability in the cJSON library, which can result in a possible crash or Remote Code Execution (RCE). This can be exploited if an attacker can force the vict...
Buffer overflow
The extractFrom function in Internals/QuotedString.cpp in Arduino JSON before 4.5 allows remote attackers to cause a denial of service (crash) via a JSON string with a \ (backslash) followed by a terminator, as demonstrated by "\\0", which triggers a buffer overflow and over-read...
Cross site scripting
Dan Pascu python-cjson 1.0.5 does not properly handle a '/' argument to cjson.encode, which makes it easier for remote attackers to conduct certain cross-site scripting (XSS) attacks involving Firefox and the end tag of a SCRIPT element...
UBUNTU-CVE-2009-4924
Dan Pascu python-cjson 1.0.5 does not properly handle a '/' argument to cjson.encode, which makes it easier for remote attackers to conduct certain cross-site scripting (XSS) attacks involving Firefox and the end tag of a SCRIPT element...
CVE-2009-4924
Removed by vendor...