CVE-2023-26819

CVSS v3.1

2.9

Low

Vector

AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions cJSON version 1.7.15

Description The issue might allow a denial of service via a crafted JSON document. For example, a document such as {"a": true, "b": [ null,9999999999999999999999999999999999999999999999912345678901234567]} could be used.

Recommendations For cJSON version 1.7.15, as a temporary workaround, consider validating JSON documents to prevent excessively large values in arrays, such as the b array in the example, until a patch is available.

Exploit

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-440

Related Identifiers

AZL-60883

AZL-60889

BDU:2025-09919

CVE-2023-26819

DLA-4216-1

OESA-2025-1965

OESA-2025-1992

OESA-2025-1993

OESA-2025-1994

OESA-2025-1995

OPENSUSE-SU-2025:15583-1

OPENSUSE-SU-2026:20340-1

SUSE-SU-2025:03520-1

USN-7973-1

Affected Products

Debian

Linuxmint

Ubuntu

Cjson

CVE-2023-26819

Weakness Enumeration

Related Identifiers

Affected Products

References · 47