Cjson Project: >> Cjson >> 1.7.17 Security Vulnerabilities
parse_string in cJSON before 1.7.18 has a heap-based buffer over-read via {"1":1, with no trailing newline if cJSON_ParseWithLength is called.
CVSS Score
2.9
EPSS Score
0.0
Published
2025-05-23
cJSON v1.7.17 was discovered to contain a segmentation violation, which can trigger through the second parameter of function cJSON_SetValuestring at cJSON.c.
CVSS Score
7.6
EPSS Score
0.018
Published
2024-04-26