Json
CVE-2018-17072
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
JSON++ through 2016-06-15 has a buffer over-read in yyparse() in json.y.
AnalysisAI
JSON++ through 2016-06-15 has a buffer over-read in yyparse() in json.y. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. JSON++ through 2016-06-15 has a buffer over-read in yyparse() in json.y. Affected products include: Json\+\+ Project Json\+\+. Version information: through 2016.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.
This affects the package json before 10.0.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable,
Jsonxx or Json++ is a JSON parser, writer and reader written in C++. Rated critical severity (CVSS 9.8), this vulnerabil
Jsonxx or Json++ is a JSON parser, writer and reader written in C++. Rated high severity (CVSS 7.5), this vulnerability
The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an
Heap buffer overflow in the Ruby JSON gem's streaming generator (versions 2.9.0-2.19.8) enables reliable process crash v
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today