421 matches found
CVE-2025-57052
cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decodearrayindexfrompointer function in cJSONUtils.c, allowing remote attackers to bypass array bounds checking and access restricted data via malformed JSON pointer strings containing alphanumeric characters...
CVE-2025-57052
cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decodearrayindexfrompointer function in cJSONUtils.c, allowing remote attackers to bypass array bounds checking and access restricted data via malformed JSON pointer strings containing alphanumeric characters...
CVE-2025-57052
cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decodearrayindexfrompointer function in cJSONUtils.c, allowing remote attackers to bypass array bounds checking and access restricted data via malformed JSON pointer strings containing alphanumeric characters...
CVE-2025-57052
cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decodearrayindexfrompointer function in cJSONUtils.c, allowing remote attackers to bypass array bounds checking and access restricted data via malformed JSON pointer strings containing alphanumeric characters...
Improper Validation of Array Index
Overview Affected versions of this package are vulnerable to Improper Validation of Array Index via the decodearrayindexfrompointer function when processing crafted JSON pointer strings. An attacker can cause a denial of service and unexpected behavior by supplying inputs with non-digit character...
CVE-2025-57052
CVE-2025-57052 affects cJSON versions 1.5.0–1.7.18. The vulnerability arises from an out-of-bounds access in the function decode_array_index_from_pointer (cJSON_Utils.c), enabling manipulation via crafted JSON pointer strings. Connected advisories confirm impact across multiple distributions and ...
Linux Distros Unpatched Vulnerability : CVE-2023-50472
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSONSetValuestring at cJSON.c. CVE-2023-50472 Note that Nessus relies on the...
Linux Distros Unpatched Vulnerability : CVE-2023-50471
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSONInsertItemInArray at cJSON.c. CVE-2023-50471 Note that Nessus relies on t...
Linux Distros Unpatched Vulnerability : CVE-2024-31755
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cJSON v1.7.17 was discovered to contain a segmentation violation, which can trigger through the second parameter of function cJSONSetValuestring at cJSON.c...
Linux Distros Unpatched Vulnerability : CVE-2023-26819
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cJSON 1.7.15 might allow a denial of service via a crafted JSON document such as a: true, b:...
Linux Distros Unpatched Vulnerability : CVE-2023-53154
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - parsestring in cJSON before 1.7.18 has a heap-based buffer over-read via 1:1, with no trailing newline if cJSONParseWithLength is called. CVE-2023-53154 Note th...
OESA-2025-1995 cjson security update
cJSON aims to be the dumbest possible parser that you can get your job done with. It's a single file of C, and a single header file. %package devel Summary: Development files for cJSON Requires: = - Requires: pkgconfig %description devel The cjson-devel package contains libraries and header files...
OESA-2025-1993 cjson security update
cJSON aims to be the dumbest possible parser that you can get your job done with. It's a single file of C, and a single header file. %package devel Summary: Development files for cJSON Requires: = - Requires: pkgconfig %description devel The cjson-devel package contains libraries and header files...
OESA-2025-1992 cjson security update
cJSON aims to be the dumbest possible parser that you can get your job done with. It's a single file of C, and a single header file. %package devel Summary: Development files for cJSON Requires: = - Requires: pkgconfig %description devel The cjson-devel package contains libraries and header files...
ROOT-OS-DEBIAN-12-CVE-2023-53154 CVE-2023-53154 in rootio-cjson - Patched by Root
Root has patched CVE-2023-53154 in the rootio-cjson package for Root:Debian:12. Multiple fixed versions available...
Linux Distros Unpatched Vulnerability : CVE-2022-24834
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and...
cJSON 1.7.15 might allow a denial of service via a crafted JSON document such as {"a": true, "b": [ null,9999999999999999999999999999999999999999999999912345678901234567]}.
...
Advisory ROSA-SA-2025-2952
software: cjson 1.7.18 WASP: ROSA-CHROME unaffected versions = cjson-1.7.18-1 affected versions cjson-1.7.18-1 CVE-ID: CVE-2023-53154 BDU-ID: None CVE-Crit: LOW CVE-DESC.: cJSON: Buffer overflow vulnerability on read from heap via parsestring function. CVE-STATUS: Vulnerability has been resolved...
cjson: segmentation violation in function cJSON_InsertItemInArray
A flaw was discovered in the cJSON package. Certain input conditions may trigger a null pointer dereference, which can lead to a denial of service...
cjson: segmentation violation in function cJSON_SetValuestring
A flaw was discovered in the cJSON package. Certain input conditions may trigger a null pointer dereference, which can lead to a denial of service...