Comments (4)
This appears to have CVE-2023-50471 assigned.
from cjson.
Hi @Du4t
It will be appreciated if you can provide a POC.
Currently I tested with `newitem->prev` as NULL but I cannot reproduce this problem.
Besides this, I don't think it's a good practice to request a CVE without this problem being confirmed.
from cjson.
The only way I can reproduce this problem is to pass a corrupted array to `cJSON_InsertItemInArray` like this:

```c
cJSON *item = cJSON_CreateString("item");
cJSON *array = cJSON_CreateArray();
cJSON *temp1 = cJSON_CreateString("item1");
cJSON *temp2 = cJSON_CreateString("item2");
add_item_to_array(array, temp1);
add_item_to_array(array, temp2);
// manually set the prev to be NULL to make a corrupted array
temp2->prev = NULL;
// SEGV as after_inserted->prev is NULL, which is passed to newitem->prev, making newitem->prev->next a NULL pointer using
cJSON_InsertItemInArray(array, 1, item);
```

Is this the correct way to reproduce this problem?
from cjson.
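A self-contained model of the condition discussed in this thread, as an added example that is not cJSON's code and not code from any commenter. The names `node`, `array`, `append`, `insert_checked` and `run_case` are hypothetical, and the list layout (the head's `prev` pointing at the tail) is an assumption modelled on cJSON.

```c
#include <stdbool.h>
#include <stdio.h>

/* Stand-in for the link fields of a cJSON item (assumption: as in cJSON,
 * the head's prev points at the tail and the tail's next is NULL). */
typedef struct node { struct node *next, *prev; } node;
typedef struct { node *child; } array;

/* Append while keeping head->prev == tail. */
static void append(array *a, node *n) {
    n->next = NULL;
    if (a->child == NULL) { a->child = n; n->prev = n; return; }
    n->prev = a->child->prev;
    n->prev->next = n;
    a->child->prev = n;
}

/* Insert newitem before index `which`; reject inconsistent input. */
static bool insert_checked(array *a, int which, node *newitem) {
    if (a == NULL || newitem == NULL || which < 0) return false;
    node *after = a->child;
    for (int i = 0; after != NULL && i < which; i++) after = after->next;
    if (after == NULL) { append(a, newitem); return true; }
    /* Before the head, newitem->prev->next is never touched; anywhere else a
     * NULL prev means corrupted links, so stop before dereferencing it. */
    if (after != a->child && after->prev == NULL) return false;
    newitem->next = after;
    newitem->prev = after->prev;
    after->prev = newitem;
    if (after == a->child) a->child = newitem;
    else newitem->prev->next = newitem;
    return true;
}

/* Constructed case mirroring the comment above: two items, insert at index 1.
 * Returns 1 = inserted in order, 0 = rejected, -1 = wrong links. */
int run_case(bool corrupt) {
    node t1 = {0}, t2 = {0}, item = {0};
    array a = { NULL };
    append(&a, &t1);
    append(&a, &t2);
    if (corrupt) t2.prev = NULL; /* same corruption as temp2->prev = NULL */
    if (!insert_checked(&a, 1, &item)) return 0;
    return (a.child == &t1 && t1.next == &item && item.next == &t2 && t2.prev == &item) ? 1 : -1;
}

int main(void) {
    printf("valid=%d corrupted=%d\n", run_case(false), run_case(true));
    return 0;
}
```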