CVE-2018-1000217

Source
https://cve.org/CVERecord?id=CVE-2018-1000217
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1000217.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-1000217
Published
2018-08-20T20:29:00.737Z
Modified
2026-03-14T09:27:01.026297Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

Dave Gamble cJSON version 1.7.3 and earlier contains a CWE-416: Use After Free vulnerability in the cJSON library that can result in a possible crash, corruption of data, or even RCE. Exploitability appears to depend on how the application uses the cJSON library: if the application provides a network interface, the vulnerability can be exploited over a network; otherwise it is exploitable only locally. This vulnerability appears to have been fixed in 1.7.4.

Affected packages

Git / github.com/davegamble/cjson

Affected ranges

Type
GIT
Repo
https://github.com/davegamble/cjson
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.7.4"
        }
    ]
}

Affected versions

v0.*
v0.0.0
v1.*
v1.0.0
v1.0.1
v1.0.2
v1.1.0
v1.2.0
v1.2.1
v1.3.0
v1.3.1
v1.3.2
v1.4.0
v1.4.1
v1.4.2
v1.4.3
v1.4.4
v1.4.5
v1.4.6
v1.4.7
v1.5.0
v1.5.1
v1.5.2
v1.5.3
v1.5.4
v1.5.5
v1.5.6
v1.5.7
v1.5.8
v1.5.9
v1.6.0
v1.7.0
v1.7.1
v1.7.2
v1.7.3

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1000217.json"