CVE-2022-31116

CVSS v2.0

9.4

High

Vector

AV:N/AC:L/Au:N/C:N/I:C/A:C

Name of the Vulnerable Software and Affected Versions UltraJSON versions prior to 5.4.0

Description The issue is related to the improper decoding of certain characters in JSON strings, specifically escaped surrogate characters not part of a proper surrogate pair. This can lead to string corruption, key confusion, and value overwriting in dictionaries. All users parsing JSON from untrusted sources are vulnerable. The problem allows for potential data integrity impact.

Recommendations For versions prior to 5.4.0, upgrade to UltraJSON 5.4.0 to resolve the issue. As a temporary workaround, consider avoiding the use of UltraJSON for parsing JSON from untrusted sources until the upgrade is applied. There are no known safe alternatives to upgrading.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-670

Related Identifiers

ALT-PU-2022-2708

BDU:2022-04296

CVE-2022-31116

GHSA-WPQR-JCPX-745R

MGASA-2022-0270

OPENSUSE-SU-2022_2673-1

OPENSUSE-SU-2024:12183-1

OPENSUSE-SU-2025:15107-1

RHSA-2022:8850

RHSA-2022:8864

SUSE-SU-2022:2673-1

SUSE-SU-2022_2673-1

USN-6629-1

USN-6629-3

Affected Products

Alt Linux

Debian

Linuxmint

Red Os

Suse

Ubuntu

Ultrajson

CVE-2022-31116

Weakness Enumeration

Related Identifiers

Affected Products

References · 40