threatengine.sh
Product
davegamble cjson
13 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2025-57052
>= 1.5.0 and <= 1.7.18
cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decode_array_index_from_pointer function in cJSON_Utils.c, allowing
9.8
CRITICAL
CVE-2023-53154
< 1.7.18
parse_string in cJSON before 1.7.18 has a heap-based buffer over-read via {"1":1, with no trailing newline if cJSON_ParseWithLengt
2.9
LOW
CVE-2023-26819
all versions
cJSON 1.7.15 might allow a denial of service via a crafted JSON document such as {"a": true, "b": [ null,9999999999999999999999999
2.9
LOW
CVE-2024-31755
all versions
cJSON v1.7.17 was discovered to contain a segmentation violation, which can trigger through the second parameter of function cJSON
7.6
HIGH
CVE-2023-50472
all versions
cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_SetValuestring at cJSON.c.
7.5
HIGH
CVE-2023-50471
all versions
cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_InsertItemInArray at cJSON.c.
7.5
HIGH
CVE-2019-1010239
all versions
DaveGamble/cJSON cJSON 1.7.8 is affected by: Improper Check for Unusual or Exceptional Conditions. The impact is: Null dereference
7.5
HIGH
CVE-2019-11835
< 1.7.11
cJSON before 1.7.11 allows out-of-bounds access, related to multiline comments.
9.8
CRITICAL
CVE-2019-11834
< 1.7.11
cJSON before 1.7.11 allows out-of-bounds access, related to \x00 in a string literal.
9.8
CRITICAL
CVE-2016-10749
< 0.0.0
parse_string in cJSON.c in cJSON before 2016-10-02 has a buffer over-read, as demonstrated by a string that begins with a " charac
9.8
CRITICAL
CVE-2018-1000217
< 1.7.4
Dave Gamble cJSON version 1.7.3 and earlier contains a CWE-416: Use After Free vulnerability in cJSON library that can result in P
9.8
CRITICAL
CVE-2018-1000216
< 1.7.3
Dave Gamble cJSON version 1.7.2 and earlier contains a CWE-415: Double Free vulnerability in cJSON library that can result in Poss
8.8
HIGH
CVE-2018-1000215
<= 1.7.6
Dave Gamble cJSON version 1.7.6 and earlier contains a CWE-772 vulnerability in cJSON library that can result in Denial of Service
7.5
HIGH