rpm package
opensuse/python-ujson&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/python-ujson&distro=openSUSE%20Tumbleweed
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-31116 | — | < 5.10.0-1.5 | 5.10.0-1.5 | Jul 5, 2022 | UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Affected versions were found to improperly decode certain characters. JSON strings that contain escaped surrogate characters not part of a proper surrogate pair were decoded incorrectly. | ||
| CVE-2022-31117 | — | < 5.10.0-1.5 | 5.10.0-1.5 | Jul 5, 2022 | UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, thi | ||
| CVE-2021-45958 | — | < 5.10.0-1.5 | 5.10.0-1.5 | Dec 31, 2021 | UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode). Exploitation can, for example, use a large amount of indentation. |
- CVE-2022-31116Jul 5, 2022affected < 5.10.0-1.5fixed 5.10.0-1.5
UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Affected versions were found to improperly decode certain characters. JSON strings that contain escaped surrogate characters not part of a proper surrogate pair were decoded incorrectly.
- CVE-2022-31117Jul 5, 2022affected < 5.10.0-1.5fixed 5.10.0-1.5
UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, thi
- CVE-2021-45958Dec 31, 2021affected < 5.10.0-1.5fixed 5.10.0-1.5
UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode). Exploitation can, for example, use a large amount of indentation.