CVE-2023-50472

Опубликовано: 14 дек. 2023

Источник: debian

EPSS Низкий

Описание

cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_SetValuestring at cJSON.c.

Пакет	Статус	Версия исправления	Релиз	Тип
cjson	fixed	1.7.17-1		package
cjson	fixed	1.7.15-1+deb12u1	bookworm	package
cjson	fixed	1.7.14-1+deb11u1	bullseye	package
cjson	not-affected		buster	package

https://github.com/DaveGamble/cJSON/issues/803
Fixed by: https://github.com/DaveGamble/cJSON/commit/60ff122ef5862d04b39b150541459e7f5e35add8
Seems bogus, this isn't a DoS but only a broken use of an API

EPSS

Процентиль: 29%

0.00104

Низкий

CVE-2023-50472

CVSS3: 7.5

ubuntu

больше 1 года назад

cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_SetValuestring at cJSON.c.

CVE-2023-50472

CVSS3: 4

redhat

больше 1 года назад

cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_SetValuestring at cJSON.c.

CVE-2023-50472

CVSS3: 7.5

nvd

больше 1 года назад

cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_SetValuestring at cJSON.c.

GHSA-278h-99f9-m238

CVSS3: 7.5

github

больше 1 года назад

cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_SetValuestring at cJSON.c.

openSUSE-SU-2024:0139-1

suse-cvrf

больше 1 года назад

Security update for cJSON

EPSS

Процентиль: 29%

0.00104

Низкий