Lucene search
K

5 matches found

CVE
CVE
added 2019/05/09 4:38 a.m.90 views

CVE-2019-11834

CVE-2019-11834 affects cJSON before 1.7.11, allowing out-of-bounds access related to a null byte in a string literal. Public documents corroborate the issue across multiple feeds; one entry ties it to libglvnd

9.8CVSS9.3AI score0.02521EPSS
CVE
CVE
added 2019/05/09 4:38 a.m.72 views

CVE-2019-11835

CVE-2019-11835 affects the cJSON library prior to 1.7.11, where parsing issues with multiline comments enable out-of-bounds access. Impact per sources: high severity (CVSS 3.1 base 9.8; NETWORK, LOW complexity, NONE privileges). Affected: cJSON before 1.7.11. Remediation: upgrade to 1.7.11 or lat...

9.8CVSS9.3AI score0.02556EPSS
CVE
CVE
added 2018/08/20 8:0 p.m.69 views

CVE-2018-1000217

The CVE-2018-1000217 entry concerns the cJSON library (versions 1.7.3 and earlier) with CWE-416: Use After Free. The flaw can cause a crash, data corruption, or remote code execution, depending on how the application uses cJSON; exploitation over a network is possible if the application exposes a...

9.8CVSS9.7AI score0.01753EPSS
CVE
CVE
added 2018/08/20 8:0 p.m.50 views

CVE-2018-1000216

The CVE-2018-1000216 entry concerns cJSON versions 1.7.2 and earlier, which contain a CWE-415 Double Free vulnerability. According to the connected documents, exploitation can lead to a crash or remote code execution, with the attack potentially achievable by forcing the victim to print JSON data...

8.8CVSS8.4AI score0.01471EPSS
CVE
CVE
added 2019/04/29 1:46 p.m.48 views

CVE-2016-10749

CVE-2016-10749 affects the cJSON project. The vulnerability is a buffer over-read in the function that parses strings in cJSON.c , triggered by a string that starts with a double quote (" ) and ends with a backslash (). Impact is described as a buffer over-read; no exploit specifics are provided ...

9.8CVSS9.5AI score0.02469EPSS