CVE-2019-11834Out-of-bounds Read in Cjson

CWE-125Out-of-bounds ReadCWE-787Out-of-bounds WriteCWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer6 documents6 sources
Severity
9.8CRITICALNVD
EPSS
0.6%
top 30.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Davegamble CjsonOracle Timesten In-memory Database
Timeline
PublishedMay 9
Latest updateMay 24

Description

cJSON before 1.7.11 allows out-of-bounds access, related to \x00 in a string literal.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

NVDdavegamble/cjson< 1.7.11

Patches

Patch: github.comPatch: www.oracle.comPatch: github.com

🔴Vulnerability Details

3
GHSA
GHSA-f8rc-mjx7-r7jf: cJSON before 12022-05-24
OSV
CVE-2019-11834: cJSON before 12019-05-09
CVEList
CVE-2019-11834: cJSON before 12019-05-09

📋Vendor Advisories

2
Microsoft
cJSON before 1.7.11 allows out-of-bounds access related to \x00 in a string literal.2019-05-14
Debian
CVE-2019-11834: cjson - cJSON before 1.7.11 allows out-of-bounds access, related to \x00 in a string lit...2019
CVE-2019-11834 — Out-of-bounds Read in Davegamble Cjson | cvebase