rpm package
opensuse/cJSON&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/cJSON&distro=openSUSE%20Tumbleweed
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-57052 | — | < 1.7.19-1.1 | 1.7.19-1.1 | Sep 3, 2025 | cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decode_array_index_from_pointer function in cJSON_Utils.c, allowing remote attackers to bypass array bounds checking and access restricted data via malformed JSON pointer strings containing alphanumeric characters. | ||
| CVE-2023-26819 | — | < 1.7.19-1.1 | 1.7.19-1.1 | Apr 19, 2025 | cJSON 1.7.15 might allow a denial of service via a crafted JSON document such as {"a": true, "b": [ null,9999999999999999999999999999999999999999999999912345678901234567]}. | ||
| CVE-2024-31755 | — | < 1.7.18-1.1 | 1.7.18-1.1 | Apr 26, 2024 | cJSON v1.7.17 was discovered to contain a segmentation violation, which can trigger through the second parameter of function cJSON_SetValuestring at cJSON.c. | ||
| CVE-2023-50472 | Hig | 7.5 | < 1.7.17-1.1 | 1.7.17-1.1 | Dec 14, 2023 | cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_SetValuestring at cJSON.c. | |
| CVE-2023-50471 | Hig | 7.5 | < 1.7.17-1.1 | 1.7.17-1.1 | Dec 14, 2023 | cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_InsertItemInArray at cJSON.c. |
- CVE-2025-57052Sep 3, 2025affected < 1.7.19-1.1fixed 1.7.19-1.1
cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decode_array_index_from_pointer function in cJSON_Utils.c, allowing remote attackers to bypass array bounds checking and access restricted data via malformed JSON pointer strings containing alphanumeric characters.
- CVE-2023-26819Apr 19, 2025affected < 1.7.19-1.1fixed 1.7.19-1.1
cJSON 1.7.15 might allow a denial of service via a crafted JSON document such as {"a": true, "b": [ null,9999999999999999999999999999999999999999999999912345678901234567]}.
- CVE-2024-31755Apr 26, 2024affected < 1.7.18-1.1fixed 1.7.18-1.1
cJSON v1.7.17 was discovered to contain a segmentation violation, which can trigger through the second parameter of function cJSON_SetValuestring at cJSON.c.
- affected < 1.7.17-1.1fixed 1.7.17-1.1
cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_SetValuestring at cJSON.c.
- affected < 1.7.17-1.1fixed 1.7.17-1.1
cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_InsertItemInArray at cJSON.c.