CVE-2023-53154

Опубликовано: 23 мая 2025

Источник: redhat

CVSS3: 5.1

Описание

parse_string in cJSON before 1.7.18 has a heap-based buffer over-read via {"1":1, with no trailing newline if cJSON_ParseWithLength is called.

A heap based buffer overflow flaw was found in cjson when calling the cJSON_ParseWithLength function. Specially crafted input may lead to arbitrary memory corruption.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Satellite 6	cjson	Fix deferred
Red Hat Satellite 6	satellite-capsule:el8/cjson	Fix deferred
Red Hat Satellite 6	satellite:el8/cjson	Fix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-125

https://bugzilla.redhat.com/show_bug.cgi?id=2368279cjson: Heap based buffer overflow at cJSON_ParseWithLength function

5.1 Medium

CVSS3

Связанные уязвимости

CVE-2023-53154

CVSS3: 2.9

ubuntu

8 месяцев назад

parse_string in cJSON before 1.7.18 has a heap-based buffer over-read via {"1":1, with no trailing newline if cJSON_ParseWithLength is called.

CVE-2023-53154

CVSS3: 2.9

nvd

8 месяцев назад

parse_string in cJSON before 1.7.18 has a heap-based buffer over-read via {"1":1, with no trailing newline if cJSON_ParseWithLength is called.

CVE-2023-53154

CVSS3: 2.9

msrc

5 месяцев назад

parse_string in cJSON before 1.7.18 has a heap-based buffer over-read via {"1":1, with no trailing newline if cJSON_ParseWithLength is called.

CVE-2023-53154

CVSS3: 2.9

debian

8 месяцев назад

parse_string in cJSON before 1.7.18 has a heap-based buffer over-read ...

GHSA-8h4w-44qv-79mq

CVSS3: 2.9

github

8 месяцев назад

parse_string in cJSON before 1.7.18 has a heap-based buffer over-read via {"1":1, with no trailing newline if cJSON_ParseWithLength is called.

5.1 Medium

CVSS3