Security
Headlines
HeadlinesLatestCVEs

Headline

Ubuntu Security Notice USN-6784-1

Ubuntu Security Notice 6784-1 - It was discovered that cJSON incorrectly handled certain input. An attacker could possibly use this issue to cause cJSON to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 23.10. Luo Jin discovered that cJSON incorrectly handled certain input. An attacker could possibly use this issue to cause cJSON to crash, resulting in a denial of service.

Packet Storm
#vulnerability#ubuntu#dos#js
==========================================================================Ubuntu Security Notice USN-6784-1May 23, 2024cjson vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 24.04 LTS- Ubuntu 23.10- Ubuntu 22.04 LTSSummary:cJSON could be made to crash if it received specially craftedinput.Software Description:- cjson: Ultralightweight JSON parser in ANSI C (development files)Details:It was discovered that cJSON incorrectly handled certain input. Anattacker could possibly use this issue to cause cJSON to crash, resultingin a denial of service. This issue only affected Ubuntu 22.04 LTS andUbuntu 23.10. (CVE-2023-50471, CVE-2023-50472)Luo Jin discovered that cJSON incorrectly handled certain input. Anattacker could possibly use this issue to cause cJSON to crash, resultingin a denial of service. (CVE-2024-31755)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 24.04 LTS   libcjson1                       1.7.17-1ubuntu0.1~esm2                                   Available with Ubuntu ProUbuntu 23.10   libcjson1                       1.7.16-1ubuntu0.2Ubuntu 22.04 LTS   libcjson1                       1.7.15-1ubuntu0.1~esm2                                   Available with Ubuntu ProIn general, a standard system update will make all the necessary changes.References:   https://ubuntu.com/security/notices/USN-6784-1   CVE-2023-50471, CVE-2023-50472, CVE-2024-31755Package Information:   https://launchpad.net/ubuntu/+source/cjson/1.7.16-1ubuntu0.2

Related news

CVE-2023-50471: bug for cJSON_InsertItemInArray function · Issue #802 · DaveGamble/cJSON

cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_InsertItemInArray at cJSON.c.

CVE-2023-50472: bug for cJSON_SetValuestring · Issue #803 · DaveGamble/cJSON

cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_SetValuestring at cJSON.c.

Packet Storm: Latest News

Siemens Energy Omnivise T3000 8.2 SP3 Privilege Escalation / File Download