CVE-2024-31755 — NULL Pointer Dereference in Cjson

CWE-476 — NULL Pointer Dereference CWE-754 — Improper Check for Unusual or Exceptional Conditions8 documents7 sources

Severity

7.6HIGHNVD

OSV7.5

EPSS

2.1%

top 15.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cjson Project Cjson Davegamble Cjson Debian Cjson +7 more

Timeline

PublishedApr 26

Latest updateMay 23

Description

cJSON v1.7.17 was discovered to contain a segmentation violation, which can trigger through the second parameter of function cJSON_SetValuestring at cJSON.c.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:HExploitability: 2.8 | Impact: 4.7

Affected Packages11 packages

▶debiandebian/cjson< cjson 1.7.15-1+deb12u2 (bookworm)

▶Ubuntudavegamble/cjson< 1.7.15-1ubuntu0.1~esm2+1

▶Debiancjson_project/cjson< 1.7.14-1+deb11u1+3

▶NVDcjson_project/cjson1.7.17

▶msrcmsrc/cbl_mariner_2.0_arm

🔴Vulnerability Details

OSV

cjson vulnerabilities↗2024-05-23

▶

GHSA

GHSA-5g69-hr8r-x577: cJSON v1↗2024-04-26

▶

OSV

CVE-2024-31755: cJSON v1↗2024-04-26

▶

📋Vendor Advisories

Ubuntu

cJSON vulnerabilities↗2024-05-23

▶

Red Hat

cjson: segmentation violation trigger through the second parameter of function cJSON_SetValuestring at cJSON.c↗2024-04-26

▶

Microsoft

cJSON v1.7.17 was discovered to contain a segmentation violation which can trigger through the second parameter of function cJSON_SetValuestring at cJSON.c.↗2024-04-09

▶

Debian

CVE-2024-31755: cjson - cJSON v1.7.17 was discovered to contain a segmentation violation, which can trig...↗2024

▶