Lucene search
K
DavegambleCjson

10 matches found

CVE
CVE
added 2019/07/19 4:41 p.m.181 views

CVE-2019-1010239

CVE-2019-1010239 affects the cJSON project (cJSON 1.7.8) with an Improper Check for Unusual or Exceptional Conditions in the cJSON_GetObjectItemCaseSensitive() function. The vulnerability allows a crafted JSON file to trigger a NULL dereference, leading to denial of service. The fixed version is ...

7.5CVSS7.6AI score0.02418EPSS
CVE
CVE
added 2023/12/14 12:0 a.m.101 views

CVE-2023-50471

CVE-2023-50471 affects cJSON v1.7.16, caused by a segmentation violation in cJSON_InsertItemInArray() that can crash the parser. Multiple advisories note patches/upstream fixes: Fedora issued updates to cJSON 1.7.17 for various releases, Debian LTS recommends upgrading to 1.7.10-1.1+deb10u2, and ...

7.5CVSS7.3AI score0.01508EPSS
CVE
CVE
added 2019/05/09 4:38 a.m.87 views

CVE-2019-11834

CVE-2019-11834 affects cJSON before 1.7.11, allowing out-of-bounds access related to a null byte in a string literal. Public documents corroborate the issue across multiple feeds; one entry ties it to libglvnd

9.8CVSS9.3AI score0.02521EPSS
CVE
CVE
added 2019/05/09 4:38 a.m.71 views

CVE-2019-11835

CVE-2019-11835 affects the cJSON library prior to 1.7.11, where parsing issues with multiline comments enable out-of-bounds access. Impact per sources: high severity (CVSS 3.1 base 9.8; NETWORK, LOW complexity, NONE privileges). Affected: cJSON before 1.7.11. Remediation: upgrade to 1.7.11 or lat...

9.8CVSS9.3AI score0.02556EPSS
CVE
CVE
added 2023/12/14 12:0 a.m.69 views

CVE-2023-50472

CVE-2023-50472 affects cJSON v1.7.16 with a segmentation fault in cJSON_SetValuestring() at cJSON.c. Multiple connected advisories confirm impact across distributions (openSUSE, Ubuntu, Mageia, CBL-Mariner, TencentOS, RHEL/Satellite, OpenSUSE). Patches/upgrades exist: e.g., OpenSUSE SU-2024:0139-...

7.5CVSS7.3AI score0.00961EPSS
CVE
CVE
added 2018/08/20 8:0 p.m.68 views

CVE-2018-1000217

The CVE-2018-1000217 entry concerns the cJSON library (versions 1.7.3 and earlier) with CWE-416: Use After Free. The flaw can cause a crash, data corruption, or remote code execution, depending on how the application uses cJSON; exploitation over a network is possible if the application exposes a...

9.8CVSS9.7AI score0.01753EPSS
CVE
CVE
added 2025/09/03 12:0 a.m.61 views

CVE-2025-57052

CVE-2025-57052 affects cJSON versions 1.5.0–1.7.18. The vulnerability arises from an out-of-bounds access in the function decode_array_index_from_pointer (cJSON_Utils.c), enabling manipulation via crafted JSON pointer strings. Connected advisories confirm impact across multiple distributions and ...

9.8CVSS6.5AI score0.00693EPSS
CVE
CVE
added 2018/08/20 8:0 p.m.59 views

CVE-2018-1000215

CVE-2018-1000215 affects the cJSON library (version ≤ 1.7.6). The root cause is a CWE-772 vulnerability that can cause a Denial of Service by memory leak when data is printed under low memory conditions. A fix exists in 1.7.7. Exploitation details in the documents indicate the issue could be trig...

7.5CVSS7.5AI score0.01677EPSS
CVE
CVE
added 2018/08/20 8:0 p.m.50 views

CVE-2018-1000216

The CVE-2018-1000216 entry concerns cJSON versions 1.7.2 and earlier, which contain a CWE-415 Double Free vulnerability. According to the connected documents, exploitation can lead to a crash or remote code execution, with the attack potentially achievable by forcing the victim to print JSON data...

8.8CVSS8.4AI score0.01471EPSS
CVE
CVE
added 2019/04/29 1:46 p.m.47 views

CVE-2016-10749

CVE-2016-10749 affects the cJSON project. The vulnerability is a buffer over-read in the function that parses strings in cJSON.c , triggered by a string that starts with a double quote (" ) and ends with a backslash (). Impact is described as a buffer over-read; no exploit specifics are provided ...

9.8CVSS9.5AI score0.02469EPSS