History: Apr 26, 2024 - 4:42 a.m.

CVE-2024-31755

2024-04-26 04:42:46
redhat.com
access.redhat.com
cjson
v1.7.17
cve-2024-31755
segmentation violation
cjson_setvaluestring
second parameter
cjson.c

CVSS3: 7.6 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

AI Score: 6.4 Medium (Confidence: Low)

EPSS: 0.0004 Low (Percentile: 9.2%)

A flaw was found in cJSON. A segmentation violation can be triggered through the second parameter of the cJSON_SetValuestring function in cJSON.c.

Mitigation

Currently, there's no available mitigation that matches Red Hat's mitigation criteria other than updating the affected packages.
