SUSE CVE-2023-53154

parsestring in cJSON before 1.7.18 has a heap-based buffer over-read via "1":1, with no trailing newline if cJSONParseWithLength is called...

UBUNTU-CVE-2023-53154

parsestring in cJSON before 1.7.18 has a heap-based buffer over-read via "1":1, with no trailing newline if cJSONParseWithLength is called...

OSV-2022-109 UNKNOWN READ in unescape_string

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44237 Crash type: UNKNOWN READ Crash state: unescapestring parsestring parseobject...

OSV-2021-392 Heap-buffer-overflow in heredoc_remove_indent

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30886 Crash type: Heap-buffer-overflow READ Crash state: heredocremoveindent parsestring parseryylex...

shopify-scripts: Invalid handling of zero-length heredoc identifiers leads to infinite loop in the sandbox

Introduction ============ Certain invalid Ruby programs which should normally raise a syntax error are able to cause an infinite loop in MRuby's parser which makes the mruby-engine sandbox and consequently the MRI process it is running in unresponsive to SIGTERM. The process begins looping foreve...

CVE-2016-4303

The parsestring function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service crash or execute arbitrary code via a non-hex character in a JSON string, which triggers a heap-based buffer overflow...

CVE-2016-4303

The parsestring function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service crash or execute arbitrary code via a non-hex character in a JSON string, which triggers a heap-based buffer overflow...

Heap overflow

The parsestring function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service crash or execute arbitrary code via a non-hex character in a JSON string, which triggers a heap-based buffer overflow...

CVE-2016-4303

The parsestring function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service crash or execute arbitrary code via a non-hex character in a JSON string, which triggers a heap-based buffer overflow...

ESnet iPerf3 JSON parse_string UTF Code Execution Vulnerability

Talos Vulnerability Report TALOS-2016-0164 ESnet iPerf3 JSON parsestring UTF Code Execution Vulnerability June 8, 2016 CVE Number CVE-2016-4303 DESCRIPTION An exploitable remote code execution vulnerability exists in the JSON handling functionality of ESnet iPerf3. A specially crafted JSON string...

Heap overflow

Heap-based buffer overflow in the parsestring function in libs/esl/src/esljson.c in FreeSWITCH before 1.4.23 and 1.6.x before 1.6.2 allows remote attackers to execute arbitrary code via a trailing \u in a json string to cJSONParse...