PT-2018-9385 · Dave Gamble · Cjson
Hhallen
·
Published
2018-08-20
·
Updated
2025-07-22
·
CVE-2018-1000217
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
cJSON versions 1.7.3 and earlier
Description
The issue is related to a Use After Free problem in the cJSON library, which can lead to a crash, data corruption, or even Remote Code Execution (RCE). The exploitability depends on how the application utilizes the cJSON library. If the application provides a network interface, it can be exploited over a network; otherwise, it is limited to local exploitation.
Recommendations
For cJSON versions 1.7.3 and earlier, update to version 1.7.4 or later to resolve the issue.
Exploit
Fix
RCE
Use After Free
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cjson