CVE-2018-1000215 β€” Missing Release of Resource after Effective Lifetime in Cjson

CWE-772 β€” Missing Release of Resource after Effective Lifetime6 documents6 sources
Severity
7.5HIGHNVD
EPSS
0.5%
top 35.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Davegamble Cjson
Timeline
PublishedAug 20
Latest updateMay 13

Description

Dave Gamble cJSON version 1.7.6 and earlier contains a CWE-772 vulnerability in cJSON library that can result in Denial of Service (DoS). This attack appear to be exploitable via If the attacker can force the data to be printed and the system is in low memory it can force a leak of memory. This vulnerability appears to have been fixed in 1.7.7.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

β–ΆNVDdavegamble/cjson1.7.6

πŸ”΄Vulnerability Details

3
GHSA
GHSA-9xc3-9g76-hcvx: Dave Gamble cJSON version 1β†—2022-05-13
β–Ά
CVEList
CVE-2018-1000215: Dave Gamble cJSON version 1β†—2018-08-20
β–Ά
OSV
CVE-2018-1000215: Dave Gamble cJSON version 1β†—2018-08-20
β–Ά

πŸ“‹Vendor Advisories

2
Microsoft
Dave Gamble cJSON version 1.7.6 and earlier contains a CWE-772 vulnerability in cJSON library that can result in Denial of Service↗2018-08-14
β–Ά
Debian
CVE-2018-1000215: cjson - Dave Gamble cJSON version 1.7.6 and earlier contains a CWE-772 vulnerability in ...β†—2018
β–Ά
CVE-2018-1000215 β€” Davegamble Cjson vulnerability | cvebase