A segmentation fault in cJSON_SetValuestring #839
Comments
Hi @Up-wind IMHO security issues should be discussed in private. Besides this, it will be appreciated to request a CVE after a version containing a fix is released, in which way downstream users can upgrade at the first time when the CVE is published. To achieve this, I will update the GH security pages later.
Hi @Alanscut I apologize for my recklessness in discussing a security issue in public and requesting a CVE before a fixed version is released. I hope that this issue will not affect any downstream projects. I actually quite agree with what you said, but I was just new to this. I've seen someone do this before, so I naively thought that it was a proper way to request a CVE. Sorry again. I will obey the security rules next time.
Fix NULL valuestring problem in cJSON_SetValuestring. This fixes DaveGamble#839 and CVE-2024-31755 Related issue DaveGamble#845
Hi,
When fuzzing the cJSON library, I found a segmentation fault that happened in cJSON_SetValuestring. If the valuestring passed to cJSON_SetValuestring is NULL, a null pointer dereference will happen in the following statements:
The PoC is as follows:
The null pointer dereference that happens here can potentially cause denial of service (DoS). Maybe we can check it before strlen(), just like object->valuestring did.
Affected Version
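A sketch of the guard suggested in the report above, as an added example that is not cJSON's code or the fix that was merged. The names item_t, ITEM_STRING, set_valuestring_checked and run_checks are hypothetical, and the struct is a simplified stand-in for a JSON string node.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a JSON string node; not cJSON's own struct. */
#define ITEM_STRING 1
typedef struct { int type; char *valuestring; } item_t;

/* Replace the node's string. Returns the stored string, or NULL when any
 * input is unusable. Every pointer is checked before strlen() sees it. */
char *set_valuestring_checked(item_t *item, const char *value)
{
    size_t new_len;
    char *copy;

    if (item == NULL || value == NULL)
        return NULL;              /* NULL new value: the reported case */
    if (item->type != ITEM_STRING || item->valuestring == NULL)
        return NULL;              /* not a string node, or nothing stored */

    new_len = strlen(value);
    if (new_len <= strlen(item->valuestring)) {
        /* Fits in the existing buffer; memmove tolerates overlap. */
        memmove(item->valuestring, value, new_len + 1);
        return item->valuestring;
    }
    copy = malloc(new_len + 1);
    if (copy == NULL)
        return NULL;              /* allocation failed; old value kept */
    memcpy(copy, value, new_len + 1);
    free(item->valuestring);
    item->valuestring = copy;
    return copy;
}

/* Constructed self-check: returns the number of unexpected results. */
int run_checks(void)
{
    item_t s = { ITEM_STRING, NULL };
    int failures = 0;

    failures += set_valuestring_checked(&s, "x") != NULL;  /* stored NULL */
    s.valuestring = malloc(4);
    if (s.valuestring == NULL) return -1;
    memcpy(s.valuestring, "abc", 4);
    failures += set_valuestring_checked(&s, NULL) != NULL; /* NULL input */
    failures += strcmp(s.valuestring, "abc") != 0;         /* untouched */
    failures += set_valuestring_checked(&s, "longer") == NULL;
    free(s.valuestring);
    return failures;
}

int main(void) { return run_checks(); }
```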