
CVE-2025-57052

Published: 03 Sep 2025
Source: redhat
CVSS3: 7.5
EPSS: Low

Description

cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decode_array_index_from_pointer function in cJSON_Utils.c, allowing remote attackers to bypass array bounds checking and access restricted data via malformed JSON pointer strings containing alphanumeric characters.

A flaw was found in the cJSON library. A specially crafted JSON pointer string can cause an out-of-bounds access in the decode_array_index_from_pointer function in the cJSON_Utils.c file due to improper array bounds checking, causing a crash to the application linked to the library and resulting in a denial of service.

Statement

Only applications that use the cJSON JSON Pointer API and allow untrusted users to supply specially crafted JSON pointer strings are vulnerable to this issue, which limits the exposure and impact of this vulnerability.

Mitigation

Applications can validate the JSON pointer strings, ensuring they contain only numeric indexes, before calling the cJSON JSON Pointer API functions.
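The following is an added example of that pre-check, not code from cJSON or from the advisory. It assumes the application's pointers address array elements only (for example "/2/0") and shows a strict RFC 6901 index decoder that rejects alphanumeric tokens, leading zeros and overflow before any bounds comparison; the function and pointer names are hypothetical.

```c
#include <limits.h>
#include <stddef.h>

/* Strict RFC 6901 array-index decoder used as a pre-check before the cJSON
 * JSON Pointer API is called. The token must be "0" or ASCII digits with no
 * leading zero; anything else ("1a", "-", " 2", "01") is rejected, as is any
 * value that would overflow int or fall outside [0, array_len).
 * Returns the index, or -1 if the token is not a valid in-bounds index. */
int json_pointer_array_index(const char *token, size_t token_len, int array_len)
{
    int value = 0;
    size_t i;
    if (token == NULL || token_len == 0 || array_len < 0) return -1;
    if (token_len > 1 && token[0] == '0') return -1;       /* "01" is not an index */
    for (i = 0; i < token_len; i++) {
        int digit = token[i] - '0';
        if (digit < 0 || digit > 9) return -1;             /* non-digit: reject */
        if (value > (INT_MAX - digit) / 10) return -1;     /* would overflow int */
        value = value * 10 + digit;
    }
    return value < array_len ? value : -1;                 /* explicit bounds check */
}

/* Validates a whole pointer for applications whose pointers only address
 * array elements (e.g. "/2/0"): it must be empty (whole document) or a
 * sequence of '/'-prefixed tokens, each a strict numeric index. Bounds are
 * checked later against the actual array, so INT_MAX is passed here. */
int json_pointer_all_indices_ok(const char *pointer)
{
    const char *p;
    if (pointer == NULL) return 0;
    if (pointer[0] == '\0') return 1;
    if (pointer[0] != '/') return 0;
    p = pointer;
    while (*p == '/') {
        const char *start = ++p;
        while (*p != '\0' && *p != '/') p++;
        if (json_pointer_array_index(start, (size_t)(p - start), INT_MAX) < 0)
            return 0;
    }
    return *p == '\0';
}
```

Call json_pointer_all_indices_ok on every untrusted pointer and only pass pointers that return 1 to the cJSON pointer functions; json_pointer_array_index can also be reused per token once the target array's size is known.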

Affected packages

Platform               Package   State      Recommendation   Release
Red Hat Satellite 6    cjson     Affected   -                -


Additional information

Status: Important
Weakness: CWE-129
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2392894
Title: cJSON: out-of-bounds access in decode_array_index_from_pointer() in cJSON_Utils.c via crafted JSON pointer strings

EPSS: 0.00066 (percentile 21%, Low)
CVSS3: 7.5 High

Related vulnerabilities (the same CVE as recorded by other sources)

ubuntu: CVSS3 9.8, 5 days ago


nvd: CVSS3 9.8, 5 days ago


debian: CVSS3 9.8, 5 days ago


github: 5 days ago

