Package "cjson"
Name: cjson
Description: This package is just an umbrella for a group of other packages, it has no description. Description samples from packages in group:
- Ultralightweight JSON parser in ANSI C (development files)
- Ultralightweight JSON parser in ANSI C
Latest version: 1.7.15-1ubuntu0.1
Release: jammy (22.04)
Level: security
Repository: universe
Changelog
cjson (1.7.15-1ubuntu0.1) jammy-security; urgency=medium

  * SECURITY UPDATE: denial of service when parsing large numbers
    - debian/patches/CVE-2023-26819.patch: allocate dynamic memory for
      temporary buffer instead of using fixed 64-byte stack buffer in
      parse_number() function in cJSON.c
    - CVE-2023-26819
  * SECURITY UPDATE: heap buffer overflow in parse_string function
    - debian/patches/CVE-2023-53154.patch: add bounds checking in
      parse_string() to prevent out-of-bounds read when parsing JSON
      strings without null terminators
    - CVE-2023-53154
  * SECURITY UPDATE: Out-of-bounds memory access
    - debian/patches/CVE-2025-57052.patch: fix the incorrect check in
      decode_array_index_from_pointer
    - CVE-2025-57052

 -- Shishir Subedi <email address hidden>  Wed, 21 Jan 2026 14:12:11 +0545
CVE-2023-26819: cJSON 1.7.15 might allow a denial of service via a crafted JSON document such as {"a": true, "b": [ null,99999999999999999999999999999999999999999999
CVE-2023-53154: parse_string in cJSON before 1.7.18 has a heap-based buffer over-read via {"1":1, with no trailing newline if cJSON_ParseWithLength is called.
CVE-2025-57052: cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decode_array_index_from_pointer function in cJSON_Utils.c, allowing remote attackers t