CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-25713

yyjson through 0.8.0 has a double free, leading to remote code execution in some cases, because the pool_free function lacks loop checks. (pool_free is part of the pool series allocator, along with pool_malloc and pool_realloc.)

Exploit prediction scoring system (EPSS) score

EPSS Score 0.031

EPSS Ranking 86.2%

CVSS Severity

CVSS v3 Score 8.6

References

Products affected by CVE-2024-25713

Ibireme » Yyjson » Version: 0.1.0

cpe:2.3:a:ibireme:yyjson:0.1.0
Ibireme » Yyjson » Version: 0.2.0

cpe:2.3:a:ibireme:yyjson:0.2.0
Ibireme » Yyjson » Version: 0.3.0

cpe:2.3:a:ibireme:yyjson:0.3.0
Ibireme » Yyjson » Version: 0.4.0

cpe:2.3:a:ibireme:yyjson:0.4.0
Ibireme » Yyjson » Version: 0.5.0

cpe:2.3:a:ibireme:yyjson:0.5.0
Ibireme » Yyjson » Version: 0.5.1

cpe:2.3:a:ibireme:yyjson:0.5.1
Ibireme » Yyjson » Version: 0.6.0

cpe:2.3:a:ibireme:yyjson:0.6.0
Ibireme » Yyjson » Version: 0.7.0

cpe:2.3:a:ibireme:yyjson:0.7.0
Ibireme » Yyjson » Version: 0.8.0

cpe:2.3:a:ibireme:yyjson:0.8.0
Fedoraproject » Fedora » Version: 38

cpe:2.3:o:fedoraproject:fedora:38
Fedoraproject » Fedora » Version: 39

cpe:2.3:o:fedoraproject:fedora:39
Fedoraproject » Fedora » Version: 40

cpe:2.3:o:fedoraproject:fedora:40

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-25713

Products

Pricing

Contact Us