36 matches found
Swift-corelibs-foundation denial of service in JSON decoding with JSONDecoder
A program using swift-corelibs-foundation is vulnerable to a denial of service attack caused by a potentially malicious source producing a JSON document containing a type mismatch. This vulnerability is caused by the interaction between a deserialization mechanism offered by the Swift standard...
CVE-2022-31116 Incorrect handling of invalid surrogate pair characters in ujson
UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Affected versions were found to improperly decode certain characters. JSON strings that contain escaped surrogate characters not part of a proper surrogate pair were decoded incorrectly. Besides corrupti...
CVE-2022-1642
A program using swift-corelibs-foundation is vulnerable to a denial of service attack caused by a potentially malicious source producing a JSON document containing a type mismatch. This vulnerability is caused by the interaction between a deserialization mechanism offered by the Swift standard...
Apache APISIX < 2.13.0 Input Validation
The version of Apache APISIX installed on the remote host is prior to 2.13.0. It is, therefore, potentially affected by an input validation vulnerability. When decoding JSON with duplicate keys, lua-cjson will choose the last value that occurs as the result. By passing a JSON with a duplicate key, t...
GHSA-WJFQ-88Q2-R34J Unhandled exception when decoding form response JSON
Impact: When handling form responses from the client ModalFormResponsePacket, the Minecraft Windows client may send weird JSON that json_decode can't understand. A workaround for this is implemented in InGamePacketHandler::stupid_json_decode. An InvalidArgumentException is thrown by this function whe...
WAF JSON decoding capability required to protect against API threats like CVE-2020-13942 Apache Unomi RCE
A new critical Apache Unomi exploit was released yesterday. As an official press release says: "Apache Unomi is the industry's first reference implementation of the upcoming OASIS CDP specification established by the OASIS CXS Technical Committee, which sets standards as a core technology for enabli...
CVE-2020-1893
Insufficient boundary checks when decoding JSON in TryParse reads out of bounds memory, potentially leading to DOS. This issue affects HHVM 4.45.0, 4.44.0, 4.43.0, 4.42.0, 4.41.0, 4.40.0, 4.39.0, versions between 4.33.0 and 4.38.0 inclusive, versions between 4.9.0 and 4.32.0 inclusive, and versio...
CVE-2020-1888
Insufficient boundary checks when decoding JSON in handleBackslash reads out of bounds memory, potentially leading to DOS. This issue affects HHVM 4.45.0, 4.44.0, 4.43.0, 4.42.0, 4.41.0, 4.40.0, 4.39.0, versions between 4.33.0 and 4.38.0 inclusive, versions between 4.9.0 and 4.32.0 inclusive, and...
UBUNTU-CVE-2020-1888
Insufficient boundary checks when decoding JSON in handleBackslash reads out of bounds memory, potentially leading to DOS. This issue affects HHVM 4.45.0, 4.44.0, 4.43.0, 4.42.0, 4.41.0, 4.40.0, 4.39.0, versions between 4.33.0 and 4.38.0 inclusive, versions between 4.9.0 and 4.32.0 inclusive, and...
UBUNTU-CVE-2020-1893
Insufficient boundary checks when decoding JSON in TryParse reads out of bounds memory, potentially leading to DOS. This issue affects HHVM 4.45.0, 4.44.0, 4.43.0, 4.42.0, 4.41.0, 4.40.0, 4.39.0, versions between 4.33.0 and 4.38.0 inclusive, versions between 4.9.0 and 4.32.0 inclusive, and versio...
open62541:fuzz_json_decode: Heap-use-after-free in LocalizedText_clear
Project: https://github.com/open62541/open62541.git Detailed Report: https://oss-fuzz.com/testcase?key=5733705184444416 Project: open62541 Fuzzing Engine: libFuzzer Fuzz Target: fuzz_json_decode Job Type: libfuzzer_asan_open62541 Platform Id: linux Crash Type: Heap-use-after-free READ 8 Crash Address...
Flask < 0.12.3 Denial of Service Vulnerability
The version of Pallets Flask on the remote host is prior to 0.12.3. It is, therefore, affected by a denial of service vulnerability in the JSON decoding process due to improper input validation. An unauthenticated attacker can exploit this issue by providing JSON data in a non-text related...
Ubuntu USN-761-2 (php5)
The remote host is missing an update to php5 announced via advisory USN-761-2. OpenVAS Vulnerability Test $Id: ubuntu7612.nasl 7969 2017-12-01 09:23:16Z santu $ Description: Auto-generated from advisory USN-761-2 php5 Authors: Thomas Reinke...