CVE-2019-1010239
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: NVD
Description
DaveGamble/cJSON cJSON 1.7.8 is affected by: Improper Check for Unusual or Exceptional Conditions. The impact is: Null dereference, so attack can cause denial of service. The component is: cJSON_GetObjectItemCaseSensitive() function. The attack vector is: crafted json file. The fixed version is: 1.7.9 and later.
Affected (2)
Products: Davegamble: Cjson · Oracle: Timesten In Memory Database
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.7.8 |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Before 18.1.3.1.0 |
Related CWEs
CWE-476
NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.
CWE-754
Improper Check for Unusual or Exceptional Conditions
The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.
References (6)
Source: josh@bress.net
PatchThird Party Advisory
Source: josh@bress.net
ExploitIssue TrackingThird Party Advisory
Source: josh@bress.net
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitIssue TrackingThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Timeline
No history available yet.