bblanchon

1 exploit Active since Jun 2015
CVE-2015-4590 WRITEUP WRITEUP
ArduinoJson < 4.4 - Denial of Service via Malformed JSON String
The extractFrom function in Internals/QuotedString.cpp in Arduino JSON before 4.5 allows remote attackers to cause a denial of service (crash) via a JSON string with a \ (backslash) followed by a terminator, as demonstrated by "\\\0", which triggers a buffer overflow and over-read.