[SECURITY] [DLA 4304-1] cjson security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4304-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz September 18, 2025 https://wiki.debian.org/LTS -...

DLA-4304-1 cjson - security update

Bulletin has no description...

Debian dla-4304 : libcjson-dev - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4304 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4304-1 [email protected] https://www.debian.org/lts/security/...

Debian: Security Advisory (DSA-6001-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DSA 6001-1] cjson security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6001-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 14, 2025 https://www.debian.org/security/faq -...

DSA-6001-1 cjson - security update

Bulletin has no description...

Debian dsa-6001 : libcjson-dev - security update

The remote Debian 12 / 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6001 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6001-1 [email protected] https://www.debian.org/security/...

Advisory ROSA-SA-2025-2978

software: cjson 1.7.18 WASP: ROSA-CHROME unaffected versions = cjson-1.7.18-2 affected versions cjson-1.7.18-2 CVE-ID: CVE-2023-26819 BDU-ID: None CVE-Crit: LOW CVE-DESC.: cJSON 1.7.15 may cause a denial of service when processing a specially generated JSON document, e.g.: "a": true, "b": null,...

cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decode_array_index_from_pointer function in cJSON_Utils.c, allowing remote attackers to bypass array bounds checking and access restricted data via malformed JSON pointer strings containing alphanumeric characters.

...

Linux Distros Unpatched Vulnerability : CVE-2025-57052

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decodearrayindexfrompointer function in cJSONUtils.c, allowing remote attackers to bypass array...

SUSE CVE-2025-57052

cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decodearrayindexfrompointer function in cJSONUtils.c, allowing remote attackers to bypass array bounds checking and access restricted data via malformed JSON pointer strings containing alphanumeric characters...

parse_string in cJSON before 1.7.18 has a heap-based buffer over-read via {"1":1, with no trailing newline if cJSON_ParseWithLength is called.

...

Dave Gamble cJSON version 1.7.6 and earlier contains a CWE-772 vulnerability in cJSON library that can result in Denial of Service

...

Dave Gamble cJSON version 1.7.2 and earlier contains a CWE-415: Double Free vulnerability in cJSON library that can result in Possible crash or RCE. This attack appear to be exploitable via Attacker must be able to force victim to print JSON data, depending on how cJSON library is used this could be either local or over a network. This vulnerability appears to have been fixed in 1.7.3.

...

Dave Gamble cJSON version 1.7.3 and earlier contains a CWE-416: Use After Free vulnerability

...

ALPINE-CVE-2025-57052

cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decodearrayindexfrompointer function in cJSONUtils.c, allowing remote attackers to bypass array bounds checking and access restricted data via malformed JSON pointer strings containing alphanumeric characters...

DEBIAN-CVE-2025-57052

cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decodearrayindexfrompointer function in cJSONUtils.c, allowing remote attackers to bypass array bounds checking and access restricted data via malformed JSON pointer strings containing alphanumeric characters...

CVE-2025-57052

cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decodearrayindexfrompointer function in cJSONUtils.c, allowing remote attackers to bypass array bounds checking and access restricted data via malformed JSON pointer strings containing alphanumeric characters...

UBUNTU-CVE-2025-57052

cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decodearrayindexfrompointer function in cJSONUtils.c, allowing remote attackers to bypass array bounds checking and access restricted data via malformed JSON pointer strings containing alphanumeric characters...

cJSON 安全漏洞

cJSON is a lightweight open source JSON parser from the individual developer Dave Gamble. A security vulnerability exists in cJSON version 1.7.18 and earlier, which stems from an out-of-bounds access vulnerability in the decodearrayindexfrompointer function that could lead to bypassing array boun...