CVE-2018-1000216: Double Free in Cjson

CWE-415: Double Free | 5 documents | 5 sources
Severity: 8.8 HIGH (NVD)
EPSS: 0.4% (top 40.74%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Aug 20
Latest update: May 14

Description

Dave Gamble cJSON version 1.7.2 and earlier contains a CWE-415: Double Free vulnerability in the cJSON library that can result in a possible crash or RCE. The attack appears to be exploitable when an attacker is able to force the victim to print JSON data; depending on how the cJSON library is used, this could be either local or over a network. This vulnerability appears to have been fixed in 1.7.3.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (1 package)

NVD: davegamble/cjson < 1.7.3

🔴 Vulnerability Details (2)

GHSA
GHSA-3g82-r8f2-r5vq: Dave Gamble cJSON version 1 (2022-05-14)
CVEList
CVE-2018-1000216: Dave Gamble cJSON version 1 (2018-08-20)

📋 Vendor Advisories (2)

Microsoft
Dave Gamble cJSON version 1.7.2 and earlier contains a CWE-415: Double Free vulnerability in cJSON library that can result in Possible crash or RCE. This attack appear to be exploitable via Attacker m (2018-08-14)
Debian
CVE-2018-1000216: cjson - Dave Gamble cJSON version 1.7.2 and earlier contains a CWE-415: Double Free vuln... (2018)
CVE-2018-1000216 — Double Free in Davegamble Cjson | cvebase