OSV-2024-1071

See a problem?

Import Source

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/poco/OSV-2024-1071.yaml

JSON Data

https://api.osv.dev/v1/vulns/OSV-2024-1071

Published

2024-09-15T00:06:58.342742Z

Modified

2025-03-18T00:25:32.915201Z

Summary

Use-of-uninitialized-value in Poco::Dynamic::Var::~Var

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42538385

Crash type: Use-of-uninitialized-value
Crash state:
Poco::Dynamic::Var::~Var
void Poco::JSON::Object::doStringify<std::__1::map<std::__1::basic_string<char, 
Poco::JWT::Serializer::serialize

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42538385

Affected packages

OSS-Fuzz / poco

Package

Name: poco
Purl: pkg:generic/poco

Affected ranges

Type: GIT
Repo: https://github.com/pocoproject/poco
Events: Introduced

91c256095f846cd92591e070d4dc075d2a7f7aa9

Fixed

bd7be38d6fe7eff50e65223ffe39fb2cbac1c521

Fixed

af36c9badfcd8971f7a6cf68f1cb759751694673

Fixed

5652837b8f622f2e8d6aad5d286c78587a4a37b4

Affected versions

poco-1.*

poco-1.14.0-release

Ecosystem specific

{
    "severity": "MEDIUM"
}

Database specific

source

"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/poco/OSV-2024-1071.yaml"

fixed_range

"4ca735d7d80f717911b94a246536b2f04272753e:5652837b8f622f2e8d6aad5d286c78587a4a37b4"