Ubuntu Security Notice 6784-1 - It was discovered that cJSON incorrectly handled certain input. An attacker could possibly use this issue to cause cJSON to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 23.10. Luo Jin discovered that cJSON incorrectly handled certain input. An attacker could possibly use this issue to cause cJSON to crash, resulting in a denial of service.
==========================================================================
Ubuntu Security Notice USN-6784-1
May 23, 2024
cjson vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 23.10
- Ubuntu 22.04 LTS

Summary:

cJSON could be made to crash if it received specially crafted
input.

Software Description:
- cjson: Ultralightweight JSON parser in ANSI C (development files)

Details:

It was discovered that cJSON incorrectly handled certain input. An
attacker could possibly use this issue to cause cJSON to crash, resulting
in a denial of service. This issue only affected Ubuntu 22.04 LTS and
Ubuntu 23.10. (CVE-2023-50471, CVE-2023-50472)

Luo Jin discovered that cJSON incorrectly handled certain input. An
attacker could possibly use this issue to cause cJSON to crash, resulting
in a denial of service. (CVE-2024-31755)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
  libcjson1    1.7.17-1ubuntu0.1~esm2
               Available with Ubuntu Pro

Ubuntu 23.10
  libcjson1    1.7.16-1ubuntu0.2

Ubuntu 22.04 LTS
  libcjson1    1.7.15-1ubuntu0.1~esm2
               Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6784-1
  CVE-2023-50471, CVE-2023-50472, CVE-2024-31755

Package Information:
  https://launchpad.net/ubuntu/+source/cjson/1.7.16-1ubuntu0.2