PT-2024-10424 · Cjson+4

Up-Wind · Published 2024-03-25 · Updated 2025-08-19 · CVE-2024-31755

CVSS v2.0: 8.0 (High)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:C

Name of the Vulnerable Software and Affected Versions

cJSON version 1.7.17

Description

The issue is a segmentation violation that can be triggered through the second parameter of the cJSON_SetValuestring function in cJSON.c, which can lead to a denial of service. The vulnerability is associated with NULL pointer dereference errors in the cJSON_SetValuestring function of the cJSON library for working with JSON objects in C. Exploitation of the vulnerability may allow a remote attacker to cause a denial of service.

Recommendations

For cJSON version 1.7.17, as a temporary workaround, consider disabling the cJSON_SetValuestring function until a patch is available. Restrict access to the cJSON.c component to minimize the risk of exploitation. Avoid using the second parameter of the cJSON_SetValuestring function in the affected cJSON.c file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

AZL-40184
AZL-67458
BDU:2025-00956
CVE-2024-31755
MGASA-2024-0324
OPENSUSE-SU-2024:0139-1
OPENSUSE-SU-2024:14021-1
RHSA-2025:9022
RHSA-2025:9203
RHSA-2025:9838
USN-6784-1

Affected Products

Astra Linux
Linuxmint
Red Os
Ubuntu
Cjson