PT-2018-9384 · Dave Gamble · Cjson

Projectgus

Publicado

2018-08-20

Atualizado

2025-07-22

CVE-2018-1000216

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions cJSON versions 1.7.2 and earlier

Description The issue is related to a Double Free vulnerability in the cJSON library, which can result in a possible crash or Remote Code Execution (RCE). This can be exploited if an attacker can force the victim to print JSON data, and the exploitability depends on how the cJSON library is used, potentially allowing local or network-based attacks.

Recommendations For cJSON versions 1.7.2 and earlier, update to version 1.7.3 to resolve the issue.

Exploit

Correção

RCE

Double Free

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-415

Identificadores relacionados

AZL-41848

CVE-2018-1000216

Produtos afetados

Cjson

PT-2018-9384 · Dave Gamble · Cjson

CVE-2018-1000216

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6