CVE-2019-11834
published 2019-05-09CVE-2019-11834: cJSON before 1.7.11 allows out-of-bounds access, related to \x00 in a string literal.
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
cJSON before 1.7.11 allows out-of-bounds access, related to \x00 in a string literal.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| davegamble | cjson | < 1.7.11 | 1.7.11 |
| davegamble | cjson | >= 0 < 1.7.10-1.1 | 1.7.10-1.1 |
| davegamble | cjson | >= 0 < 1.7.10-1.1 | 1.7.10-1.1 |
| davegamble | cjson | >= 0 < 1.7.10-1.1 | 1.7.10-1.1 |
| davegamble | cjson | >= 0 < 1.7.10-1.1 | 1.7.10-1.1 |
| debian | cjson | < cjson 1.7.10-1.1 (bookworm) | cjson 1.7.10-1.1 (bookworm) |
| msrc | azl3_ceph_18.2.2-8_on_azure_linux_3.0 | — | — |
| msrc | azl3_libglvnd_1.7.0-2_on_azure_linux_3.0 | — | — |
| msrc | azure_linux_3.0_arm | — | — |
| msrc | azure_linux_3.0_x64 | — | — |
| msrc | cbl2_pytorch_2.5.1-1_on_cbl_mariner_2.0 | — | — |
| oracle | timesten_in-memory_database | < 18.1.3.1.0 | 18.1.3.1.0 |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv9.8CRITICAL