cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_InsertItemInArray at cJSON.c.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HDavegamble Cjson
APPDavegamble1.7.16
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje
Powiązane podatności
CVE-2025-57052CRITICAL9.8PL ✓ten sam produkt
Out-of-bounds access w cJSON przez funkcję decode_array_index_from_pointer
CVE-2019-11834CRITICAL9.8ten sam produkt
cJSON before 1.7.11 allows out-of-bounds access, related to \x00 in a string literal.
CVE-2019-11835CRITICAL9.8ten sam produkt
cJSON before 1.7.11 allows out-of-bounds access, related to multiline comments.
CVE-2016-10749CRITICAL9.8ten sam produkt
parse_string in cJSON.c in cJSON before 2016-10-02 has a buffer over-read, as demonstrated by a string that be...
CVE-2018-1000217CRITICAL9.8ten sam produkt
Dave Gamble cJSON version 1.7.3 and earlier contains a CWE-416: Use After Free vulnerability in cJSON library ...