SB2019050917 - Multiple vulnerabilities in DaveGamble cJSON
Published: May 9, 2019 Updated: July 17, 2020
Security Bulletin ID
SB2019050917
Severity
High
Patch available
YES
Number of vulnerabilities
2
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Buffer overflow (CVE-ID: CVE-2019-11834)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
cJSON before 1.7.11 allows out-of-bounds access, related to x00 in a string literal.
2) Buffer overflow (CVE-ID: CVE-2019-11835)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
cJSON before 1.7.11 allows out-of-bounds access, related to multiline comments.
Remediation
Install update from vendor's website.