CVE-2016-10749

Опубликовано: 29 апр. 2019

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

parse_string in cJSON.c in cJSON before 2016-10-02 has a buffer over-read, as demonstrated by a string that begins with a " character and ends with a \ character.

Ссылки

https://github.com/DaveGamble/cJSON/commit/94df772485c92866ca417d92137747b2e3b0a917
Patch
Third Party Advisory
https://github.com/DaveGamble/cJSON/issues/30
Exploit
Patch
Third Party Advisory
https://www.openwall.com/lists/oss-security/2016/11/07/2
Exploit
Mailing List
Patch
Third Party Advisory
https://github.com/DaveGamble/cJSON/commit/94df772485c92866ca417d92137747b2e3b0a917
Patch
Third Party Advisory
https://github.com/DaveGamble/cJSON/issues/30
Exploit
Patch
Third Party Advisory
https://www.openwall.com/lists/oss-security/2016/11/07/2
Exploit
Mailing List
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:davegamble:cjson:*:*:*:*:*:*:*:*

Версия до 0.0.0 (исключая)

EPSS

Процентиль: 68%

0.00571

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-125

Связанные уязвимости

CVE-2016-10749

CVSS3: 9.8

ubuntu

почти 7 лет назад

parse_string in cJSON.c in cJSON before 2016-10-02 has a buffer over-read, as demonstrated by a string that begins with a " character and ends with a \ character.

CVE-2016-10749

CVSS3: 9.8

debian

почти 7 лет назад

parse_string in cJSON.c in cJSON before 2016-10-02 has a buffer over-r ...

GHSA-6q52-cg2r-w8jw

CVSS3: 9.8

github

больше 3 лет назад

parse_string in cJSON.c in cJSON before 2016-10-02 has a buffer over-read, as demonstrated by a string that begins with a " character and ends with a \ character.

EPSS

Процентиль: 68%

0.00571

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-125