Critical severity9.8NVD Advisory· Published Sep 26, 2016· Updated Jun 17, 2026
CVE-2016-4303
CVE-2016-4303
Description
The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a non-hex character in a JSON string, which triggers a heap-based buffer overflow.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
8- cpe:2.3:a:novell:suse_package_hub_for_suse_linux_enterprise:12:*:*:*:*:*:*:*
- osv-coords2 versionspkg:rpm/opensuse/iperf&distro=openSUSE%20Tumbleweedpkg:rpm/suse/iperf&distro=SUSE%20Package%20Hub%2012
< 3.1.3-1.3+ 1 more
- (no CPE)range: < 3.1.3-1.3
- (no CPE)range: < 3.1.3-6.1
Patches
Vulnerability mechanics
References
8- github.com/esnet/iperf/commit/91f2fa59e8ed80dfbf400add0164ee0e508e412anvdPatchThird Party Advisory
- blog.talosintel.com/2016/06/esnet-vulnerability.htmlnvdExploitThird Party Advisory
- www.talosintelligence.com/reports/TALOS-2016-0164/nvdExploitThird Party Advisory
- lists.opensuse.org/opensuse-updates/2016-08/msg00082.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-updates/2016-08/msg00090.htmlnvdMailing ListThird Party Advisory
- software.es.net/iperf/news.htmlnvdRelease NotesThird Party Advisory
- lists.debian.org/debian-lts-announce/2020/01/msg00023.htmlnvdMailing ListThird Party Advisory
- raw.githubusercontent.com/esnet/security/master/cve-2016-4303/esnet-secadv-2016-0001.txt.ascnvdThird Party Advisory
News mentions
0No linked articles in our index yet.