PT-2022-20540 · Ultrajson+5 · Ultrajson+5

Justanotherarchivist

·

Published

2022-07-05

·

Updated

2025-05-17

·

CVE-2022-31117

CVSS v3.1

5.9

Medium

VectorAV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions UltraJSON versions prior to 5.4.0
Description The issue occurs when an error happens while reallocating a buffer for string decoding, causing the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is impossible to trigger from Python. There are no known workarounds for this issue.
Recommendations For versions prior to 5.4.0, upgrade to UltraJSON 5.4.0 to resolve the issue. At the moment, there is no other information about additional mitigation measures.

Exploit

Fix

Double Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-415

Related Identifiers

ALT-PU-2022-2708
CVE-2022-31117
GHSA-FM67-CV37-96FF
MGASA-2022-0270
OPENSUSE-SU-2022_2673-1
OPENSUSE-SU-2024:12183-1
OPENSUSE-SU-2025:15107-1
RHSA-2022:8850
RHSA-2022:8864
SUSE-SU-2022:2673-1
USN-6629-1
USN-6629-3

Affected Products

Alt Linux
Debian
Linuxmint
Suse
Ubuntu
Ultrajson