CVE-2026-32875

A flaw was found in UltraJSON, a fast JSON encoder and decoder. This vulnerability allows a remote attacker to cause a denial of service DoS by providing a specially crafted large positive or negative indent value to the JSON serialization functions. This can lead to a buffer overflow, causing th...

UBUNTU-CVE-2026-32875

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Versions 5.10 through 5.11.0 are vulnerable to buffer overflow or infinite loop through large indent handling. ujson.dumps crashes the Python interpreter segmentation fault when the product of the indent...

CVE-2026-32875

CVE-2026-32875 affects UltraJSON (Python bindings) and is evidenced across multiple feeds (Fedora advisories, IBM bulletin). The vulnerability resides in versions 5.10–5.11.0 where large indent handling can trigger an integer overflow/underflow when calculating memory for indentation, leading to ...

CVE-2026-32875

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Versions 5.10 through 5.11.0 are vulnerable to buffer overflow or infinite loop through large indent handling. ujson.dumps crashes the Python interpreter segmentation fault when the product of the indent...

CVE-2021-45958

UltraJSON aka ujson through 5.1.0 has a stack-based buffer overflow in BufferAppendIndentUnchecked called from encode. Exploitation can, for example, use a large amount of indentation...

Linux Distros Unpatched Vulnerability : CVE-2022-31116

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Affected versions were found to improperly decode certain...

Linux Distros Unpatched Vulnerability : CVE-2022-31117

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. In versions prior to 5.4.0 an error occurring while reallocating a...

CVE-2022-31116 Incorrect handling of invalid surrogate pair characters in ujson

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Affected versions were found to improperly decode certain characters. JSON strings that contain escaped surrogate characters not part of a proper surrogate pair were decoded incorrectly. Besides corrupti...

PT-2022-3515 · Ultrajson +5 · Ultrajson +5

Name of the Vulnerable Software and Affected Versions: UltraJSON versions prior to 5.4.0 Description: The issue is related to the improper decoding of certain characters in JSON strings, specifically escaped surrogate characters not part of a proper surrogate pair. This can lead to string...