CVE-2022-45494

Опубликовано: 31 янв. 2023

Источник: nvd

CVSS3: 7.8

EPSS Низкий

Описание

Buffer overflow vulnerability in function json_parse_object in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to code arbitrary code and gain escalated privileges.

Ссылки

https://github.com/hyrathon/trophies/security/advisories/GHSA-wvpq-p7pp-cj6m
Exploit
Third Party Advisory
https://github.com/sheredom/json.h
Product
Third Party Advisory
https://github.com/sheredom/json.h/issues/93
Issue Tracking
Patch
Third Party Advisory
https://github.com/sheredom/json.h/issues/97
Issue Tracking
Patch
Third Party Advisory
https://github.com/hyrathon/trophies/security/advisories/GHSA-wvpq-p7pp-cj6m
Exploit
Third Party Advisory
https://github.com/sheredom/json.h
Product
Third Party Advisory
https://github.com/sheredom/json.h/issues/93
Issue Tracking
Patch
Third Party Advisory
https://github.com/sheredom/json.h/issues/97
Issue Tracking
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:json.h_project:json.h:*:*:*:*:*:*:*:*

Версия до 2022-11-14 (исключая)

EPSS

Процентиль: 39%

0.00174

Низкий

7.8 High

CVSS3

Дефекты

CWE-787