Описание
Security update for cJSON
This update for cJSON fixes the following issues:
- CVE-2023-26819: Allocate memory for the temporary buffer when paring numbers (bsc#1241502)
- CVE-2025-57052: Fix the incorrect check in decode_array_index_from_pointer (bsc#1249112)
Список пакетов
SUSE Linux Enterprise Workstation Extension 15 SP7
libcjson1-1.7.19-150700.3.3.1
Ссылки
- Link for SUSE-SU-2025:03520-1
- E-Mail link for SUSE-SU-2025:03520-1
- SUSE Security Ratings
- SUSE Bug 1241502
- SUSE Bug 1249112
- SUSE CVE CVE-2023-26819 page
- SUSE CVE CVE-2025-57052 page
Описание
cJSON 1.7.15 might allow a denial of service via a crafted JSON document such as {"a": true, "b": [ null,9999999999999999999999999999999999999999999999912345678901234567]}.
Затронутые продукты
SUSE Linux Enterprise Workstation Extension 15 SP7:libcjson1-1.7.19-150700.3.3.1
Ссылки
- CVE-2023-26819
- SUSE Bug 1241502
Описание
cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decode_array_index_from_pointer function in cJSON_Utils.c, allowing remote attackers to bypass array bounds checking and access restricted data via malformed JSON pointer strings containing alphanumeric characters.
Затронутые продукты
SUSE Linux Enterprise Workstation Extension 15 SP7:libcjson1-1.7.19-150700.3.3.1
Ссылки
- CVE-2025-57052
- SUSE Bug 1249112