Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2018-1000217

Опубликовано: 20 авг. 2018
Источник: nvd
CVSS3: 9.8
CVSS2: 7.5
EPSS Низкий

Описание

Dave Gamble cJSON version 1.7.3 and earlier contains a CWE-416: Use After Free vulnerability in cJSON library that can result in Possible crash, corruption of data or even RCE. This attack appear to be exploitable via Depends on how application uses cJSON library. If application provides network interface then can be exploited over a network, otherwise just local.. This vulnerability appears to have been fixed in 1.7.4.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:davegamble:cjson:*:*:*:*:*:*:*:*
Версия до 1.7.4 (исключая)

EPSS

Процентиль: 61%
0.00418
Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-416

Связанные уязвимости

ubuntu логотип

CVE-2018-1000217

CVSS3: 9.8
ubuntu
больше 7 лет назад

Dave Gamble cJSON version 1.7.3 and earlier contains a CWE-416: Use After Free vulnerability in cJSON library that can result in Possible crash, corruption of data or even RCE. This attack appear to be exploitable via Depends on how application uses cJSON library. If application provides network interface then can be exploited over a network, otherwise just local.. This vulnerability appears to have been fixed in 1.7.4.

msrc логотип

CVE-2018-1000217

CVSS3: 9.8
msrc
5 месяцев назад

Dave Gamble cJSON version 1.7.3 and earlier contains a CWE-416: Use After Free vulnerability

debian логотип

CVE-2018-1000217

CVSS3: 9.8
debian
больше 7 лет назад

Dave Gamble cJSON version 1.7.3 and earlier contains a CWE-416: Use Af ...

github логотип

GHSA-cmxj-54mf-j4q3

CVSS3: 9.8
github
больше 3 лет назад

Dave Gamble cJSON version 1.7.3 and earlier contains a CWE-416: Use After Free vulnerability in cJSON library that can result in Possible crash, corruption of data or even RCE. This attack appear to be exploitable via Depends on how application uses cJSON library. If application provides network interface then can be exploited over a network, otherwise just local.. This vulnerability appears to have been fixed in 1.7.4.

EPSS

Процентиль: 61%
0.00418
Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-416