CVE-2023-50472

Опубликовано: 14 дек. 2023

Источник: debian

Описание

cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_SetValuestring at cJSON.c.

Пакет	Статус	Версия исправления	Релиз	Тип
cjson	fixed	1.7.17-1		package
cjson	fixed	1.7.15-1+deb12u1	bookworm	package
cjson	fixed	1.7.14-1+deb11u1	bullseye	package
cjson	not-affected		buster	package

https://github.com/DaveGamble/cJSON/issues/803
Fixed by: https://github.com/DaveGamble/cJSON/commit/60ff122ef5862d04b39b150541459e7f5e35add8
Seems bogus, this isn't a DoS but only a broken use of an API

CVE-2023-50472

CVSS3: 7.5

ubuntu

почти 2 года назад

cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_SetValuestring at cJSON.c.

CVE-2023-50472

CVSS3: 4

redhat

почти 2 года назад

cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_SetValuestring at cJSON.c.

CVE-2023-50472

CVSS3: 7.5

nvd

почти 2 года назад

cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_SetValuestring at cJSON.c.

CVE-2023-50472

CVSS3: 7.5

msrc

почти 2 года назад

cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_SetValuestring at cJSON.c.

GHSA-278h-99f9-m238

CVSS3: 7.5

github

почти 2 года назад

cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_SetValuestring at cJSON.c.