Skip to main content

Cjson CVE-2019-11834

CRITICAL
Out-of-bounds Read (CWE-125)
2019-05-09 cve@mitre.org
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
May 09, 2019 - 05:29 nvd
CRITICAL 9.8

DescriptionNVD

cJSON before 1.7.11 allows out-of-bounds access, related to \x00 in a string literal.

AnalysisAI

cJSON before 1.7.11 allows out-of-bounds access, related to \x00 in a string literal. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. cJSON before 1.7.11 allows out-of-bounds access, related to \x00 in a string literal. Affected products include: Davegamble Cjson, Oracle Timesten In-Memory Database. Version information: before 1.7.11.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.

More in Cjson

View all
CVE-2025-57052 CRITICAL POC
9.8 Sep 03

cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decode_array_index_from_pointer function in cJSON_Utils.c

CVE-2019-11835 CRITICAL POC
9.8 May 09

cJSON before 1.7.11 allows out-of-bounds access, related to multiline comments. Rated critical severity (CVSS 9.8), this

CVE-2018-1000217 CRITICAL POC
9.8 Aug 20

Dave Gamble cJSON version 1.7.3 and earlier contains a CWE-416: Use After Free vulnerability in cJSON library that can r

CVE-2018-1000216 HIGH POC
8.8 Aug 20

Dave Gamble cJSON version 1.7.2 and earlier contains a CWE-415: Double Free vulnerability in cJSON library that can resu

CVE-2024-31755 HIGH POC
7.6 Apr 26

cJSON v1.7.17 was discovered to contain a segmentation violation, which can trigger through the second parameter of func

CVE-2023-50472 HIGH POC
7.5 Dec 14

cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_SetValuestring at cJSON.c. Rated

CVE-2023-50471 HIGH POC
7.5 Dec 14

cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_InsertItemInArray at cJSON.c. Ra

CVE-2019-1010239 HIGH POC
7.5 Jul 19

DaveGamble/cJSON cJSON 1.7.8 is affected by: Improper Check for Unusual or Exceptional Conditions. Rated high severity (

CVE-2018-1000215 HIGH
7.5 Aug 20

Dave Gamble cJSON version 1.7.6 and earlier contains a CWE-772 vulnerability in cJSON library that can result in Denial

CVE-2023-26819 LOW POC
2.9 Apr 19

cJSON 1.7.15 might allow a denial of service via a crafted JSON document such as {"a": true, "b": [ null,999999999999999

CVE-2023-53154 LOW POC
2.9 May 23

parse_string in cJSON before 1.7.18 has a heap-based buffer over-read via {"1":1, with no trailing newline if cJSON_Pars

Share

CVE-2019-11834 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy