Showing 1 - 6 of 6

CVE-2022-31116

Status Candidate

Overview

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Affected versions were found to improperly decode certain characters. JSON strings that contain escaped surrogate characters not part of a proper surrogate pair were decoded incorrectly. Besides corrupting strings, this allowed for potential key confusion and value overwriting in dictionaries. All users parsing JSON from untrusted sources are vulnerable. From version 5.4.0, UltraJSON decodes lone surrogates in the same way as the standard library's `json` module does, preserving them in the parsed output. Users are advised to upgrade. There are no known workarounds for this issue.

Related Files

Gentoo Linux Security Advisory 202403-03: Posted Mar 4, 2024; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 202403-3 - Multiple vulnerabilities have been discovered in UltraJSON, the worst of which could lead to key confusion and value overwriting. Versions greater than or equal to 5.4.0 are affected.; tags | advisory, vulnerability; systems | linux, gentoo; advisories | CVE-2022-31116, CVE-2022-31117; SHA-256 | 00915f50ef9b76b7d10b556e97fcc528b7fe7c290fe78c3cfb37d95977815baf; Download | Favorite | View

Ubuntu Security Notice USN-6629-3: Posted Feb 15, 2024; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6629-3 - USN-6629-1 fixed vulnerabilities in UltraJSON. This update provides the corresponding updates for Ubuntu 20.04 LTS. It was discovered that UltraJSON incorrectly handled certain input with a large amount of indentation. An attacker could possibly use this issue to crash the program, resulting in a denial of service. Jake Miller discovered that UltraJSON incorrectly decoded certain characters. An attacker could possibly use this issue to cause key confusion and overwrite values in dictionaries. It was discovered that UltraJSON incorrectly handled an error when reallocating a buffer for string decoding. An attacker could possibly use this issue to corrupt memory.; tags | advisory, denial of service, vulnerability; systems | linux, ubuntu; advisories | CVE-2021-45958, CVE-2022-31116, CVE-2022-31117; SHA-256 | 50be04630cf03d8f15f815dd6a94344ba4a09eeb74709bbf0914315704d4157c; Download | Favorite | View

Ubuntu Security Notice USN-6629-2: Posted Feb 14, 2024; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6629-2 - USN-6629-1 fixed vulnerabilities in UltraJSON. This update provides the corresponding updates for Ubuntu 20.04 LTS. It was discovered that UltraJSON incorrectly handled certain input with a large amount of indentation. An attacker could possibly use this issue to crash the program, resulting in a denial of service. Jake Miller discovered that UltraJSON incorrectly decoded certain characters. An attacker could possibly use this issue to cause key confusion and overwrite values in dictionaries. It was discovered that UltraJSON incorrectly handled an error when reallocating a buffer for string decoding. An attacker could possibly use this issue to corrupt memory.; tags | advisory, denial of service, vulnerability; systems | linux, ubuntu; advisories | CVE-2021-45958, CVE-2022-31116, CVE-2022-31117; SHA-256 | ec6ddcf81a1c32520be536e38ebdd283e58f5386914c40a18c8dc5490e39e31a; Download | Favorite | View

Ubuntu Security Notice USN-6629-1: Posted Feb 14, 2024; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6629-1 - It was discovered that UltraJSON incorrectly handled certain input with a large amount of indentation. An attacker could possibly use this issue to crash the program, resulting in a denial of service. Jake Miller discovered that UltraJSON incorrectly decoded certain characters. An attacker could possibly use this issue to cause key confusion and overwrite values in dictionaries. It was discovered that UltraJSON incorrectly handled an error when reallocating a buffer for string decoding. An attacker could possibly use this issue to corrupt memory.; tags | advisory, denial of service; systems | linux, ubuntu; advisories | CVE-2021-45958, CVE-2022-31116, CVE-2022-31117; SHA-256 | d35aa970db759e585e1e8439b5af8a9496efa3c84d58b5fde339a617a0f22a82; Download | Favorite | View

Red Hat Security Advisory 2022-8864-01: Posted Dec 8, 2022; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2022-8864-01 - UltraJSON is an ultra fast JSON encoder and decoder. Issues addressed include a double free vulnerability.; tags | advisory; systems | linux, redhat; advisories | CVE-2022-31116, CVE-2022-31117; SHA-256 | e67230567b77f746670a6a404da6ceef51f510a9fec086f28795382b22bec3ec; Download | Favorite | View

Red Hat Security Advisory 2022-8850-01: Posted Dec 8, 2022; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2022-8850-01 - UltraJSON is an ultra fast JSON encoder and decoder. Issues addressed include a double free vulnerability.; tags | advisory; systems | linux, redhat; advisories | CVE-2022-31116, CVE-2022-31117; SHA-256 | 76f0a629c54ceda79fbc369649abc71da962c847f0728c2ddc0393ba7c216e1d; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 179 files
Ubuntu 58 files
Debian 26 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
E1.Coders 4 files
malvuln 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

CVE-2022-31116

Overview

Related Files

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems