CVE-2023-53154

Опубликовано: 23 мая 2025

Источник: debian

EPSS Низкий

Описание

parse_string in cJSON before 1.7.18 has a heap-based buffer over-read via {"1":1, with no trailing newline if cJSON_ParseWithLength is called.

Пакет	Статус	Версия исправления	Релиз	Тип
cjson	fixed	1.7.18-1		package
cjson	fixed	1.7.15-1+deb12u3	bookworm	package

https://github.com/DaveGamble/cJSON/issues/800
https://github.com/DaveGamble/cJSON/pull/852
Fixed by: https://github.com/DaveGamble/cJSON/commit/3ef4e4e730e5efd381be612df41e1ff3f5bb3c32 (v1.7.18)

EPSS

Процентиль: 4%

0.00018

Низкий

CVE-2023-53154

CVSS3: 2.9

ubuntu

8 месяцев назад

parse_string in cJSON before 1.7.18 has a heap-based buffer over-read via {"1":1, with no trailing newline if cJSON_ParseWithLength is called.

CVE-2023-53154

CVSS3: 5.1

redhat

8 месяцев назад

parse_string in cJSON before 1.7.18 has a heap-based buffer over-read via {"1":1, with no trailing newline if cJSON_ParseWithLength is called.

CVE-2023-53154

CVSS3: 2.9

nvd

8 месяцев назад

parse_string in cJSON before 1.7.18 has a heap-based buffer over-read via {"1":1, with no trailing newline if cJSON_ParseWithLength is called.

CVE-2023-53154

CVSS3: 2.9

msrc

5 месяцев назад

parse_string in cJSON before 1.7.18 has a heap-based buffer over-read via {"1":1, with no trailing newline if cJSON_ParseWithLength is called.

GHSA-8h4w-44qv-79mq

CVSS3: 2.9

github

8 месяцев назад

parse_string in cJSON before 1.7.18 has a heap-based buffer over-read via {"1":1, with no trailing newline if cJSON_ParseWithLength is called.

EPSS

Процентиль: 4%

0.00018

Низкий