CVE-2016-4303
published 2016-09-26
critical 9.8 CVSS 3.1
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a non-hex character in a JSON string, which triggers a heap-based buffer overflow.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | iperf3 | < iperf3 3.1.3-1 (bookworm) | iperf3 3.1.3-1 (bookworm) |
| es | iperf3 | >= 0 < 3.1.3-1 | 3.1.3-1 |
| es | iperf3 | >= 0 < 3.1.3-1 | 3.1.3-1 |
| es | iperf3 | >= 0 < 3.1.3-1 | 3.1.3-1 |
| es | iperf3 | >= 0 < 3.1.3-1 | 3.1.3-1 |
| es | iperf3 | >= 3.0 < 3.0.12 | 3.0.12 |
| es | iperf3 | >= 3.1 < 3.1.3 | 3.1.3 |
| novell | suse_package_hub_for_suse_linux_enterprise | — | — |
| opensuse | leap | — | — |
| opensuse | opensuse | — | — |
CVSS provenance
nvd v3.1 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv 9.8 CRITICAL