Bug#1071742: cjson: CVE-2024-31755
Source: cjson
X-Debbugs-CC: team@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for cjson.
CVE-2024-31755[0]:
| cJSON v1.7.17 was discovered to contain a segmentation violation,
| which can trigger through the second parameter of function
| cJSON_SetValuestring at cJSON.c.
https://github.com/DaveGamble/cJSON/issues/839
https://github.com/DaveGamble/cJSON/pull/840
https://github.com/DaveGamble/cJSON/commit/7e4d5dabe7a9b754c601f214e65b544e67ba9f59
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2024-31755
https://www.cve.org/CVERecord?id=CVE-2024-31755
Please adjust the affected versions in the BTS as needed.
Reply to: