Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2021-45958: oss-fuzz-vulns/OSV-2021-955.yaml at main · google/oss-fuzz-vulns

UltraJSON (aka ujson) 4.0.2 through 5.0.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode).

CVE
Open in Source
#google#js#git

Permalink

Cannot retrieve contributors at this time

id: OSV-2021-955

summary: Stack-buffer-overflow in Buffer_AppendIndentUnchecked

details: |

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36009

Crash type: Stack-buffer-overflow WRITE 1

Crash state:

Buffer_AppendIndentUnchecked

encode

encode

modified: ‘2021-12-17T00:12:05.831314Z’

published: ‘2021-07-11T00:01:05.153778Z’

references:

- type: REPORT

url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36009

affected:

- package:

name: ujson

ecosystem: PyPI

ranges:

- type: GIT

repo: https://github.com/ultrajson/ultrajson.git

events:

- introduced: a920bfa9d85bcd78836b866d1be80c1e3dcca1da

- fixed: 5525f8c9ef8bb879dadd0eb942d524827d1b0362

versions:

- 4.0.2

- 4.1.0

- 4.2.0

- 4.3.0

- 5.0.0

ecosystem_specific:

severity: HIGH

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE