CRITICAL🇬🇧 English

CVE-2019-11834

CVSS 9.8v3.1pub. 2019-05-09upd. 2025-07-22

cJSON before 1.7.11 allows out-of-bounds access, related to \x00 in a string literal.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Davegamble Cjson

    APP
    Davegamble
    < 1.7.11
  • Oracle Timesten In Memory Database

    APP
    Oracle
    < 18.1.3.1.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Memory
CWE
Referencje

Powiązane podatności

CVE-2025-57052CRITICAL9.8PL ✓ten sam produkt

Out-of-bounds access w cJSON przez funkcję decode_array_index_from_pointer

CVE-2019-11835CRITICAL9.8ten sam produkt

cJSON before 1.7.11 allows out-of-bounds access, related to multiline comments.

CVE-2016-10749CRITICAL9.8ten sam produkt

parse_string in cJSON.c in cJSON before 2016-10-02 has a buffer over-read, as demonstrated by a string that be...

CVE-2018-11058CRITICAL9.8ten sam produkt

RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6 (in 4.1.x), and RSA BSAF...

CVE-2018-1000217CRITICAL9.8ten sam produkt

Dave Gamble cJSON version 1.7.3 and earlier contains a CWE-416: Use After Free vulnerability in cJSON library ...