Source: cjson
X-Debbugs-CC: [email protected]
Severity: normal
Tags: security

Hi,

The following vulnerabilities were published for cjson.

They appear to be rather bogus and not cross any security boundaries,
please doublecheck:

CVE-2023-50471[0]:
| cJSON v1.7.16 was discovered to contain a segmentation violation via
| the function cJSON_InsertItemInArray at cJSON.c.

https://github.com/DaveGamble/cJSON/issues/802
Fixed by: 
https://github.com/DaveGamble/cJSON/commit/60ff122ef5862d04b39b150541459e7f5e35add8

CVE-2023-50472[1]:
| cJSON v1.7.16 was discovered to contain a segmentation violation via
| the function cJSON_SetValuestring at cJSON.c.

https://github.com/DaveGamble/cJSON/issues/803
Fixed by: 
https://github.com/DaveGamble/cJSON/commit/60ff122ef5862d04b39b150541459e7f5e35add8

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-50471
    https://www.cve.org/CVERecord?id=CVE-2023-50471
[1] https://security-tracker.debian.org/tracker/CVE-2023-50472
    https://www.cve.org/CVERecord?id=CVE-2023-50472

Please adjust the affected versions in the BTS as needed.

Reply via email to