VYPR
Vendor

Davegamble/cjson

Products
1
CVEs
10
Across products
10
Status
Private

Products

1

Recent CVEs

10
  • CVE-2019-11835CriMay 9, 2019
    risk 0.64cvss 9.8epss 0.03

    cJSON before 1.7.11 allows out-of-bounds access, related to multiline comments.

  • CVE-2019-11834CriMay 9, 2019
    risk 0.64cvss 9.8epss 0.03

    cJSON before 1.7.11 allows out-of-bounds access, related to \x00 in a string literal.

  • CVE-2018-1000217CriAug 20, 2018
    risk 0.64cvss 9.8epss 0.02

    Dave Gamble cJSON version 1.7.3 and earlier contains a CWE-416: Use After Free vulnerability in cJSON library that can result in Possible crash, corruption of data or even RCE. This attack appear to be exploitable via Depends on how application uses cJSON library. If application…

  • CVE-2016-10749CriApr 29, 2019
    risk 0.57cvss 9.8epss 0.02

    parse_string in cJSON.c in cJSON before 2016-10-02 has a buffer over-read, as demonstrated by a string that begins with a " character and ends with a \ character.

  • CVE-2018-1000216HigAug 20, 2018
    risk 0.57cvss 8.8epss 0.01

    Dave Gamble cJSON version 1.7.2 and earlier contains a CWE-415: Double Free vulnerability in cJSON library that can result in Possible crash or RCE. This attack appear to be exploitable via Attacker must be able to force victim to print JSON data, depending on how cJSON library…

  • CVE-2024-31755HigApr 26, 2024
    risk 0.49cvss 7.6epss 0.01

    cJSON v1.7.17 was discovered to contain a segmentation violation, which can trigger through the second parameter of function cJSON_SetValuestring at cJSON.c.

  • CVE-2023-50472HigDec 14, 2023
    risk 0.49cvss 7.5epss 0.01

    cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_SetValuestring at cJSON.c.

  • CVE-2018-1000215HigAug 20, 2018
    risk 0.49cvss 7.5epss 0.02

    Dave Gamble cJSON version 1.7.6 and earlier contains a CWE-772 vulnerability in cJSON library that can result in Denial of Service (DoS). This attack appear to be exploitable via If the attacker can force the data to be printed and the system is in low memory it can force a leak…

  • CVE-2023-53154LowMay 23, 2025
    risk 0.19cvss 2.9epss 0.00

    parse_string in cJSON before 1.7.18 has a heap-based buffer over-read via {"1":1, with no trailing newline if cJSON_ParseWithLength is called.

  • CVE-2019-1010239HigJul 19, 2019
    risk 0.00cvss 7.5epss 0.02

    DaveGamble/cJSON cJSON 1.7.8 is affected by: Improper Check for Unusual or Exceptional Conditions. The impact is: Null dereference, so attack can cause denial of service. The component is: cJSON_GetObjectItemCaseSensitive() function. The attack vector is: crafted json file. The…