OESA-2025-2491
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-2491
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2025-2491.json
- JSON Data
- https://api.osv.dev/v1/vulns/OESA-2025-2491
- Upstream
- Published
- 2025-10-17T14:56:31Z
- Modified
- 2025-10-17T15:32:50.848032Z
- Summary
- cjson security update
- Details
-
cJSON aims to be the dumbest possible parser that you can get your job done with. It's a single file of C, and a single header file. %package devel Summary: Development files for cJSON Requires: = - %description devel The cjson-devel package contains libraries and header files for developing applications that use cJSON. %prep %autosetup -n cJSON- -p1
Security Fix(es):
cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decodearrayindexfrompointer function in cJSON_Utils.c, allowing remote attackers to bypass array bounds checking and access restricted data via malformed JSON pointer strings containing alphanumeric characters.(CVE-2025-57052)
- Database specific
{ "severity": "Critical" }- References
Affected packages
openEuler:24.03-LTS-SP1 / cjson
Package
- Name
- cjson
- Purl
- pkg:rpm/openEuler/cjson&distro=openEuler-24.03-LTS-SP1
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.7.15-11.oe2403sp1
Ecosystem specific
{
"aarch64": [
"cjson-1.7.15-11.oe2403sp1.aarch64.rpm",
"cjson-debuginfo-1.7.15-11.oe2403sp1.aarch64.rpm",
"cjson-debugsource-1.7.15-11.oe2403sp1.aarch64.rpm",
"cjson-devel-1.7.15-11.oe2403sp1.aarch64.rpm"
],
"src": [
"cjson-1.7.15-11.oe2403sp1.src.rpm"
],
"x86_64": [
"cjson-1.7.15-11.oe2403sp1.x86_64.rpm",
"cjson-debuginfo-1.7.15-11.oe2403sp1.x86_64.rpm",
"cjson-debugsource-1.7.15-11.oe2403sp1.x86_64.rpm",
"cjson-devel-1.7.15-11.oe2403sp1.x86_64.rpm"
]
}