The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote malicious users to cause a denial of service (crash) or execute arbitrary code via a non-hex character in a JSON string, which triggers a heap-based buffer overflow.
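
The following added example is not cJSON or iperf3 code, and `read_hex4` and `decode_json_string` are hypothetical names. It shows a `\uXXXX` decoder that rejects a non-hex character before advancing the input pointer and bounds every write to the output buffer, the two checks relevant to the flaw described above.

```c
#include <stddef.h>

/* Read exactly four hex digits. Returns 0 and sets *cp, or -1 at the first
   non-hex byte (NUL and '"' included), so it never reads past the input. */
static int read_hex4(const char *p, unsigned *cp) {
    unsigned v = 0;
    for (int i = 0; i < 4; i++) {
        char c = p[i];
        if (c >= '0' && c <= '9')      v = (v << 4) | (unsigned)(c - '0');
        else if (c >= 'a' && c <= 'f') v = (v << 4) | (unsigned)(c - 'a' + 10);
        else if (c >= 'A' && c <= 'F') v = (v << 4) | (unsigned)(c - 'A' + 10);
        else return -1;
    }
    *cp = v;
    return 0;
}

/* Decode the quoted JSON string at `in` into `out` (capacity `cap`, NUL
   included). Returns the decoded length, or -1 on malformed input or lack of
   space. \u0000, surrogates and some escapes are rejected to keep this short. */
long decode_json_string(const char *in, char *out, size_t cap) {
    size_t n = 0;
    if (cap == 0 || *in++ != '"') return -1;
    while (*in != '"') {
        unsigned cp = (unsigned char)*in++;
        int raw = 1;                        /* raw bytes are copied as-is */
        if (cp == 0) return -1;             /* unterminated string */
        if (cp == '\\') {
            char e = *in++;
            raw = 0;
            if (e == 'u') {
                if (read_hex4(in, &cp) != 0) return -1;   /* non-hex: reject */
                if (cp == 0 || (cp >= 0xD800 && cp <= 0xDFFF)) return -1;
                in += 4;                    /* advance only after validation */
            } else if (e == '"' || e == '\\' || e == '/') cp = (unsigned char)e;
            else if (e == 'n') cp = '\n';
            else return -1;
        }
        size_t need = (raw || cp < 0x80) ? 1 : (cp < 0x800 ? 2 : 3);
        if (n + need >= cap) return -1;     /* bound every write, keep NUL room */
        if (need == 1) out[n++] = (char)cp;
        else if (need == 2) out[n++] = (char)(0xC0 | (cp >> 6));
        else { out[n++] = (char)(0xE0 | (cp >> 12));
               out[n++] = (char)(0x80 | ((cp >> 6) & 0x3F)); }
        if (need > 1) out[n++] = (char)(0x80 | (cp & 0x3F));
    }
    out[n] = '\0';
    return (long)n;
}
```
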
Vulnerable Product |
---|
iperf3 project iperf3 |
novell suse package hub for suse linux enterprise 12 |
opensuse leap 42.1 |
opensuse opensuse 13.2 |
debian debian linux 8.0 |