SB2019071910 - Improper Check for Unusual or Exceptional Conditions in DaveGamble cJSON
Published: July 19, 2019 Updated: August 8, 2020
Security Bulletin ID
SB2019071910
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper Check for Unusual or Exceptional Conditions (CVE-ID: CVE-2019-1010239)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
DaveGamble/cJSON cJSON 1.7.8 is affected by: Improper Check for Unusual or Exceptional Conditions. The impact is: Null dereference, so attack can cause denial of service. The component is: cJSON_GetObjectItemCaseSensitive() function. The attack vector is: crafted json file. The fixed version is: 1.7.9 and later.
Remediation
Install update from vendor's website.