openSUSE-SU-2024:0139-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2024:0139-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/openSUSE-SU-2024:0139-1
- Related
- Published
- 2024-05-25T08:47:48Z
- Modified
- 2024-05-25T08:47:48Z
- Summary
- Security update for cJSON
- Details
-
This update for cJSON fixes the following issues:
Update to 1.7.18:
- CVE-2024-31755: NULL pointer dereference via cJSON_SetValuestring() (boo#1223420)
- Remove non-functional list handling of compiler flags
- Fix heap buffer overflow
- remove misused optimization flag -01
- Set free'd pointers to NULL whenever they are not reassigned immediately after
Update to version 1.7.17 (boo#1218098, CVE-2023-50472, boo#1218099, CVE-2023-50471):
- Fix null reference in cJSON_SetValuestring (CVE-2023-50472).
- Fix null reference in cJSON_InsertItemInArray (CVE-2023-50471).
Update to 1.7.16:
- Add an option for ENABLECJSONVERSION_SO in CMakeLists.txt
- Add cmake_policy to CMakeLists.txt
- Add cJSON_SetBoolValue
- Add meson documentation
- Fix memory leak in merge_patch
- Fix conflicting target names 'uninstall'
- Bump cmake version to 3.0 and use new version syntax
- Print int without decimal places
- Fix 'cjson_utils-static' target not exist
- Add allocate check for replaceitemin_object
- Fix a null pointer crash in cJSON_ReplaceItemViaPointer
- References
-
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/36QNMKFWNRJX3XHLNGZ3DNLMLIHSRF4U/
- https://bugzilla.suse.com/1218098
- https://bugzilla.suse.com/1218099
- https://bugzilla.suse.com/1223420
- https://www.suse.com/security/cve/CVE-2023-50471
- https://www.suse.com/security/cve/CVE-2023-50472
- https://www.suse.com/security/cve/CVE-2024-31755
Affected packages
SUSE:Package Hub 15 SP5 / cJSON
Package
- Name
- cJSON
- Purl
- pkg:rpm/suse/cJSON&distro=SUSE%20Package%20Hub%2015%20SP5