Cjson Project: Security Vulnerabilities
parse_string in cJSON before 1.7.18 has a heap-based buffer over-read via {"1":1, with no trailing newline if cJSON_ParseWithLength is called.
CVSS Score
2.9
EPSS Score
0.0
Published
2025-05-23
cJSON 1.7.15 might allow a denial of service via a crafted JSON document such as {"a": true, "b": [ null,9999999999999999999999999999999999999999999999912345678901234567]}.
CVSS Score
2.9
EPSS Score
0.001
Published
2025-04-19
cJSON v1.7.17 was discovered to contain a segmentation violation, which can trigger through the second parameter of function cJSON_SetValuestring at cJSON.c.
CVSS Score
7.6
EPSS Score
0.01
Published
2024-04-26