Description
Jsonxx or Json++ is a JSON parser, writer and reader written in C++. In affected versions of jsonxx use of the Value class may lead to memory corruption via a double free or via a use after free. The value class has a default assignment operator which may be used with pointer types which may point to alterable data where the pointer itself is not updated. This issue exists on the current commit of the jsonxx project. The project itself has been archived and updates are not expected. Users are advised to find a replacement.
References (1)
Core 1
Core References
Broken Link x_refsource_misc
https://securitylab.github.com/advisories/GHSL-2022-048_Jsonxx
Scores
CVSS v3
8.1
EPSS
0.0081
EPSS Percentile
51.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-415
CWE-416
Status
published
Products (2)
hjiang/json\+\+
1.0.0
hjiang/json\+\+
1.0.1
Published
Aug 19, 2022
Tracked Since
Feb 18, 2026