CVE-2018-1000216

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions cJSON versions 1.7.2 and earlier

Description The issue is related to a Double Free vulnerability in the cJSON library, which can result in a possible crash or Remote Code Execution (RCE). This can be exploited if an attacker can force the victim to print JSON data, and the exploitability depends on how the cJSON library is used, potentially allowing local or network-based attacks.

Recommendations For cJSON versions 1.7.2 and earlier, update to version 1.7.3 to resolve the issue.

Exploit

Fix

RCE

Double Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-415

Related Identifiers

AZL-41848

CVE-2018-1000216

Affected Products

Cjson

CVE-2018-1000216

Weakness Enumeration

Related Identifiers

Affected Products

References · 6