5 matches found
CVE-2019-11834
CVE-2019-11834 affects cJSON before 1.7.11, allowing out-of-bounds access related to a null byte in a string literal. Public documents corroborate the issue across multiple feeds; one entry ties it to libglvnd
CVE-2019-11835
CVE-2019-11835 affects the cJSON library prior to 1.7.11, where parsing issues with multiline comments enable out-of-bounds access. Impact per sources: high severity (CVSS 3.1 base 9.8; NETWORK, LOW complexity, NONE privileges). Affected: cJSON before 1.7.11. Remediation: upgrade to 1.7.11 or lat...
CVE-2018-1000217
The CVE-2018-1000217 entry concerns the cJSON library (versions 1.7.3 and earlier) with CWE-416: Use After Free. The flaw can cause a crash, data corruption, or remote code execution, depending on how the application uses cJSON; exploitation over a network is possible if the application exposes a...
CVE-2018-1000216
The CVE-2018-1000216 entry concerns cJSON versions 1.7.2 and earlier, which contain a CWE-415 Double Free vulnerability. According to the connected documents, exploitation can lead to a crash or remote code execution, with the attack potentially achievable by forcing the victim to print JSON data...
CVE-2016-10749
CVE-2016-10749 affects the cJSON project. The vulnerability is a buffer over-read in the function that parses strings in cJSON.c , triggered by a string that starts with a double quote (" ) and ends with a backslash (). Impact is described as a buffer over-read; no exploit specifics are provided ...