CVE-2018-1000217

CRITICAL

davegamble/cJSON < 1.7.4 - Use-After-Free

Title source: llm
STIX 2.1

Description

Dave Gamble cJSON version 1.7.3 and earlier contains a CWE-416: Use After Free vulnerability in cJSON library that can result in Possible crash, corruption of data or even RCE. This attack appear to be exploitable via Depends on how application uses cJSON library. If application provides network interface then can be exploited over a network, otherwise just local.. This vulnerability appears to have been fixed in 1.7.4.

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_confirm
https://github.com/DaveGamble/cJSON/issues/248

Scores

CVSS v3 9.8
EPSS 0.0175
EPSS Percentile 75.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-416
Status published
Products (1)
davegamble/cjson < 1.7.4
Published Aug 20, 2018
Tracked Since Feb 18, 2026