Bug#1071742: cjson: CVE-2024-31755

To: submit@bugs.debian.org
Subject: Bug#1071742: cjson: CVE-2024-31755
From: Moritz Mühlenhoff <jmm@inutil.org>
Date: Fri, 24 May 2024 16:49:06 +0200
Message-id: <[🔎] ZlCo4lqzXshx_dZR@pisco.westfalen.local>
Reply-to: Moritz Mühlenhoff <jmm@inutil.org>, 1071742@bugs.debian.org

Source: cjson
X-Debbugs-CC: team@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for cjson.

CVE-2024-31755[0]:
| cJSON v1.7.17 was discovered to contain a segmentation violation,
| which can trigger through the second parameter of function
| cJSON_SetValuestring at cJSON.c.

https://github.com/DaveGamble/cJSON/issues/839
https://github.com/DaveGamble/cJSON/pull/840
https://github.com/DaveGamble/cJSON/commit/7e4d5dabe7a9b754c601f214e65b544e67ba9f59


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-31755
    https://www.cve.org/CVERecord?id=CVE-2024-31755

Please adjust the affected versions in the BTS as needed.

Reply to:

Prev by Date: Re: Accepted ipvsadm 1:1.31-2 (source) into unstable
Next by Date: Processed: bug 1071743 is forwarded to https://github.com/lief-project/LIEF/issues/1038 ...
Previous by thread: Re: Accepted ipvsadm 1:1.31-2 (source) into unstable
Next by thread: Processed: bug 1071743 is forwarded to https://github.com/lief-project/LIEF/issues/1038 ...
Index(es):
- Date
- Thread