CVE-2021-45958

Опубликовано: 01 янв. 2022

Источник: debian

Описание

UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode). Exploitation can, for example, use a large amount of indentation.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
ujson	fixed	5.2.0-1		package
ujson	no-dsa		bullseye	package
ujson	no-dsa		buster	package

Примечания

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36009
https://github.com/ultrajson/ultrajson/issues/501
https://github.com/ultrajson/ultrajson/issues/502
https://github.com/ultrajson/ultrajson/pull/504
Fixed by: https://github.com/ultrajson/ultrajson/pull/519

Связанные уязвимости

CVE-2021-45958

CVSS3: 5.5

ubuntu

около 4 лет назад

UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode). Exploitation can, for example, use a large amount of indentation.

CVE-2021-45958

CVSS3: 5.5

nvd

около 4 лет назад

UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode). Exploitation can, for example, use a large amount of indentation.

SUSE-SU-2023:2134-1

suse-cvrf

больше 2 лет назад

Security update for python-ujson

GHSA-fh56-85cw-5pq6

CVSS3: 5.5

github

около 4 лет назад

UltraJSON vulnerable to Out-of-bounds Write