Vulnerabilities > CVE-2019-1010239 - NULL Pointer Dereference vulnerability in multiple products

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

cjson-project

oracle

CWE-476

NVD

Published: 2019-07-19

Updated: 2022-05-03

Summary

DaveGamble/cJSON cJSON 1.7.8 is affected by: Improper Check for Unusual or Exceptional Conditions. The impact is: Null dereference, so attack can cause denial of service. The component is: cJSON_GetObjectItemCaseSensitive() function. The attack vector is: crafted json file. The fixed version is: 1.7.9 and later.

Vulnerable Configurations

Part	Description	Count
Application	Cjson_Project Cjson Project Cjson 1.7.8	1
Application	Oracle Oracle Timesten IN Memory Database - Oracle Timesten IN Memory Database 11.2.2.8.27 Oracle Timesten IN Memory Database 11.2.2.8.49 Oracle Timesten IN Memory Database 18.1.2.1.0	4

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References