Ubuntu Security Notice USN-6784-1
Ubuntu Security Notice 6784-1 - It was discovered that cJSON incorrectly handled certain input. An attacker could possibly use this issue to cause cJSON to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 23.10. Luo Jin discovered that cJSON incorrectly handled certain input. An attacker could possibly use this issue to cause cJSON to crash, resulting in a denial of service.
==========================================================================
Ubuntu Security Notice USN-6784-1
May 23, 2024

cjson vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 23.10
- Ubuntu 22.04 LTS

Summary:

cJSON could be made to crash if it received specially crafted input.

Software Description:
- cjson: Ultralightweight JSON parser in ANSI C (development files)

Details:

It was discovered that cJSON incorrectly handled certain input. An attacker could possibly use this issue to cause cJSON to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 23.10. (CVE-2023-50471, CVE-2023-50472)

Luo Jin discovered that cJSON incorrectly handled certain input. An attacker could possibly use this issue to cause cJSON to crash, resulting in a denial of service. (CVE-2024-31755)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 24.04 LTS
  libcjson1 1.7.17-1ubuntu0.1~esm2
  Available with Ubuntu Pro

Ubuntu 23.10
  libcjson1 1.7.16-1ubuntu0.2

Ubuntu 22.04 LTS
  libcjson1 1.7.15-1ubuntu0.1~esm2
  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6784-1
  CVE-2023-50471, CVE-2023-50472, CVE-2024-31755

Package Information:
  https://launchpad.net/ubuntu/+source/cjson/1.7.16-1ubuntu0.2
Related news
CVE-2023-50471: bug for cJSON_InsertItemInArray function · Issue #802 · DaveGamble/cJSON
cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_InsertItemInArray at cJSON.c.
CVE-2023-50472: bug for cJSON_SetValuestring · Issue #803 · DaveGamble/cJSON
cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_SetValuestring at cJSON.c.