Skip to main content

Cjson CVE-2018-1000216

HIGH
Double Free (CWE-415)
2018-08-20 cve@mitre.org
8.8
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Aug 20, 2018 - 20:29 nvd
HIGH 8.8

DescriptionNVD

Dave Gamble cJSON version 1.7.2 and earlier contains a CWE-415: Double Free vulnerability in cJSON library that can result in Possible crash or RCE. This attack appear to be exploitable via Attacker must be able to force victim to print JSON data, depending on how cJSON library is used this could be either local or over a network. This vulnerability appears to have been fixed in 1.7.3.

AnalysisAI

Dave Gamble cJSON version 1.7.2 and earlier contains a CWE-415: Double Free vulnerability in cJSON library that can result in Possible crash or RCE. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-415. Dave Gamble cJSON version 1.7.2 and earlier contains a CWE-415: Double Free vulnerability in cJSON library that can result in Possible crash or RCE. This attack appear to be exploitable via Attacker must be able to force victim to print JSON data, depending on how cJSON library is used this could be either local or over a network. This vulnerability appears to have been fixed in 1.7.3. Affected products include: Davegamble Cjson. Version information: version 1.7.2.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More in Cjson

View all
CVE-2025-57052 CRITICAL POC
9.8 Sep 03

cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decode_array_index_from_pointer function in cJSON_Utils.c

CVE-2019-11835 CRITICAL POC
9.8 May 09

cJSON before 1.7.11 allows out-of-bounds access, related to multiline comments. Rated critical severity (CVSS 9.8), this

CVE-2019-11834 CRITICAL POC
9.8 May 09

cJSON before 1.7.11 allows out-of-bounds access, related to \x00 in a string literal. Rated critical severity (CVSS 9.8)

CVE-2018-1000217 CRITICAL POC
9.8 Aug 20

Dave Gamble cJSON version 1.7.3 and earlier contains a CWE-416: Use After Free vulnerability in cJSON library that can r

CVE-2024-31755 HIGH POC
7.6 Apr 26

cJSON v1.7.17 was discovered to contain a segmentation violation, which can trigger through the second parameter of func

CVE-2023-50472 HIGH POC
7.5 Dec 14

cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_SetValuestring at cJSON.c. Rated

CVE-2023-50471 HIGH POC
7.5 Dec 14

cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_InsertItemInArray at cJSON.c. Ra

CVE-2019-1010239 HIGH POC
7.5 Jul 19

DaveGamble/cJSON cJSON 1.7.8 is affected by: Improper Check for Unusual or Exceptional Conditions. Rated high severity (

CVE-2018-1000215 HIGH
7.5 Aug 20

Dave Gamble cJSON version 1.7.6 and earlier contains a CWE-772 vulnerability in cJSON library that can result in Denial

CVE-2023-26819 LOW POC
2.9 Apr 19

cJSON 1.7.15 might allow a denial of service via a crafted JSON document such as {"a": true, "b": [ null,999999999999999

CVE-2023-53154 LOW POC
2.9 May 23

parse_string in cJSON before 1.7.18 has a heap-based buffer over-read via {"1":1, with no trailing newline if cJSON_Pars

Share

CVE-2018-1000216 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy