OSV-2024-555

See a problem?

Import Source

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/arduinojson/OSV-2024-555.yaml

JSON Data

https://api.osv.dev/v1/vulns/OSV-2024-555

Published

2024-06-13T00:06:28.782972Z

Modified

2024-06-28T14:18:08.360826Z

Summary

Heap-buffer-overflow in ArduinoJson::V704HB22::detail::MsgPackDeserializer<ArduinoJson::V704HB22::detail

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69497

Crash type: Heap-buffer-overflow WRITE 1
Crash state:
ArduinoJson::V704HB22::detail::MsgPackDeserializer&lt;ArduinoJson::V704HB22::detail
ArduinoJson::V704HB22::DeserializationError::Code ArduinoJson::V704HB22::detail:
ArduinoJson::V704HB22::DeserializationError::Code ArduinoJson::V704HB22::detail:

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69497

Affected packages

OSS-Fuzz / arduinojson

Package

Name: arduinojson
Purl: pkg:generic/arduinojson

Affected ranges

Type: GIT
Repo: https://github.com/bblanchon/ArduinoJson.git
Events: Introduced

aec642be203b4526594319081ec9870a5313840c

Fixed

208e7a33043784d4b9939fb236c84f56cd58e6f5

Ecosystem specific

{
    "severity": "HIGH"
}

Database specific

fixed_range

"45611924f33e4c00d2d0e0ee54df6d890599ebe9:208e7a33043784d4b9939fb236c84f56cd58e6f5"

introduced_range

"5a60c55be74b377c850592b3387759d7261e57fd:5b88b2c1f6bd78af21fc2036f2357253b563accb"

source

"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/arduinojson/OSV-2024-555.yaml"