Description
Security update for cJSON
This update for cJSON fixes the following issues:
- Update to 1.7.18:
  - CVE-2024-31755: NULL pointer dereference via cJSON_SetValuestring() (boo#1223420)
  - Remove non-functional list handling of compiler flags
  - Fix heap buffer overflow
  - remove misused optimization flag -01
  - Set free'd pointers to NULL whenever they are not reassigned immediately after
- Update to version 1.7.17 (boo#1218098, CVE-2023-50472, boo#1218099, CVE-2023-50471):
  - Fix null reference in cJSON_SetValuestring (CVE-2023-50472).
  - Fix null reference in cJSON_InsertItemInArray (CVE-2023-50471).
- Update to 1.7.16:
  - Add an option for ENABLE_CJSON_VERSION_SO in CMakeLists.txt
  - Add cmake_policy to CMakeLists.txt
  - Add cJSON_SetBoolValue
  - Add meson documentation
  - Fix memory leak in merge_patch
  - Fix conflicting target names 'uninstall'
  - Bump cmake version to 3.0 and use new version syntax
  - Print int without decimal places
  - Fix 'cjson_utils-static' target not exist
  - Add allocate check for replace_item_in_object
  - Fix a null pointer crash in cJSON_ReplaceItemViaPointer
Package list
SUSE Package Hub 15 SP5
cJSON-devel-1.7.18-bp155.3.3.1
libcjson1-1.7.18-bp155.3.3.1
openSUSE Leap 15.5
cJSON-devel-1.7.18-bp155.3.3.1
libcjson1-1.7.18-bp155.3.3.1
References
- E-Mail link for openSUSE-SU-2024:0139-1
- SUSE Security Ratings
- SUSE Bug 1218098
- SUSE Bug 1218099
- SUSE Bug 1223420
- SUSE CVE CVE-2023-50471 page
- SUSE CVE CVE-2023-50472 page
- SUSE CVE CVE-2024-31755 page
Description
cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_InsertItemInArray at cJSON.c.
Affected products
SUSE Package Hub 15 SP5:cJSON-devel-1.7.18-bp155.3.3.1
SUSE Package Hub 15 SP5:libcjson1-1.7.18-bp155.3.3.1
openSUSE Leap 15.5:cJSON-devel-1.7.18-bp155.3.3.1
openSUSE Leap 15.5:libcjson1-1.7.18-bp155.3.3.1
References
- CVE-2023-50471
- SUSE Bug 1218099
Description
cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_SetValuestring at cJSON.c.
Affected products
SUSE Package Hub 15 SP5:cJSON-devel-1.7.18-bp155.3.3.1
SUSE Package Hub 15 SP5:libcjson1-1.7.18-bp155.3.3.1
openSUSE Leap 15.5:cJSON-devel-1.7.18-bp155.3.3.1
openSUSE Leap 15.5:libcjson1-1.7.18-bp155.3.3.1
References
- CVE-2023-50472
- SUSE Bug 1218098
Description
cJSON v1.7.17 was discovered to contain a segmentation violation, which can be triggered through the second parameter of the function cJSON_SetValuestring at cJSON.c.
Affected products
SUSE Package Hub 15 SP5:cJSON-devel-1.7.18-bp155.3.3.1
SUSE Package Hub 15 SP5:libcjson1-1.7.18-bp155.3.3.1
openSUSE Leap 15.5:cJSON-devel-1.7.18-bp155.3.3.1
openSUSE Leap 15.5:libcjson1-1.7.18-bp155.3.3.1
References
- CVE-2024-31755
- SUSE Bug 1223420