Vulnerabilities > CVE-2022-31117 - Double Free vulnerability in multiple products

CVSS 5.9 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

high complexity

ultrajson-project

fedoraproject

CWE-415

NVD

Published: 2022-07-05

Updated: 2023-11-07

Summary

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is impossible to trigger from Python. This issue has been resolved in version 5.4.0 and all users should upgrade to UltraJSON 5.4.0. There are no known workarounds for this issue.

Vulnerable Configurations

Part	Description	Count
Application	Ultrajson_Project Ultrajson Project Ultrajson 1.19 Ultrajson Project Ultrajson 1.34 Ultrajson Project Ultrajson 1.35 Ultrajson Project Ultrajson 2.0.0 Ultrajson Project Ultrajson 2.0.1 Ultrajson Project Ultrajson 2.0.2 Ultrajson Project Ultrajson 2.0.3 Ultrajson Project Ultrajson 3.0.0 Ultrajson Project Ultrajson 3.1.0 Ultrajson Project Ultrajson 3.2.0 Ultrajson Project Ultrajson 4.0.0 Ultrajson Project Ultrajson 4.0.1 Ultrajson Project Ultrajson 4.0.2 Ultrajson Project Ultrajson 4.1.0 Ultrajson Project Ultrajson 4.2.0 Ultrajson Project Ultrajson 4.3.0 Ultrajson Project Ultrajson 5.0.0 Ultrajson Project Ultrajson 5.1.0 Ultrajson Project Ultrajson 5.2.0 Ultrajson Project Ultrajson 5.3.0	20
OS	Fedoraproject Fedoraproject Fedora 35 Fedoraproject Fedora 36	2

Common Weakness Enumeration (CWE)

CWE-415 - Double Free

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References