20221011

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

json-h-project

CWE-787

NVD

Published: 2023-02-03

Updated: 2024-11-21

Summary

Buffer overflow vulnerability in function json_parse_value in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to code arbitrary code and gain escalated privileges.

Vulnerable Configurations

Part	Description	Count
Application	Json.H_Project Json.H Project Json.H - Json.H Project Json.H 2022-10-06 Json.H Project Json.H 2022-10-07 Json.H Project Json.H 2022-10-11	4

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://github.com/hyrathon/trophies/security/advisories/GHSA-55fm-gm4m-3v3j
https://github.com/hyrathon/trophies/security/advisories/GHSA-55fm-gm4m-3v3j
https://github.com/sheredom/json.h/issues/94
https://github.com/sheredom/json.h/issues/94