exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 6 of 6 RSS Feed

CVE-2022-31116

Status Candidate

Overview

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Affected versions were found to improperly decode certain characters. JSON strings that contain escaped surrogate characters not part of a proper surrogate pair were decoded incorrectly. Besides corrupting strings, this allowed for potential key confusion and value overwriting in dictionaries. All users parsing JSON from untrusted sources are vulnerable. From version 5.4.0, UltraJSON decodes lone surrogates in the same way as the standard library's `json` module does, preserving them in the parsed output. Users are advised to upgrade. There are no known workarounds for this issue.

Related Files

Gentoo Linux Security Advisory 202403-03
Posted Mar 4, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202403-3 - Multiple vulnerabilities have been discovered in UltraJSON, the worst of which could lead to key confusion and value overwriting. Versions greater than or equal to 5.4.0 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2022-31116, CVE-2022-31117
SHA-256 | 00915f50ef9b76b7d10b556e97fcc528b7fe7c290fe78c3cfb37d95977815baf
Ubuntu Security Notice USN-6629-3
Posted Feb 15, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6629-3 - USN-6629-1 fixed vulnerabilities in UltraJSON. This update provides the corresponding updates for Ubuntu 20.04 LTS. It was discovered that UltraJSON incorrectly handled certain input with a large amount of indentation. An attacker could possibly use this issue to crash the program, resulting in a denial of service. Jake Miller discovered that UltraJSON incorrectly decoded certain characters. An attacker could possibly use this issue to cause key confusion and overwrite values in dictionaries. It was discovered that UltraJSON incorrectly handled an error when reallocating a buffer for string decoding. An attacker could possibly use this issue to corrupt memory.

tags | advisory, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2021-45958, CVE-2022-31116, CVE-2022-31117
SHA-256 | 50be04630cf03d8f15f815dd6a94344ba4a09eeb74709bbf0914315704d4157c
Ubuntu Security Notice USN-6629-2
Posted Feb 14, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6629-2 - USN-6629-1 fixed vulnerabilities in UltraJSON. This update provides the corresponding updates for Ubuntu 20.04 LTS. It was discovered that UltraJSON incorrectly handled certain input with a large amount of indentation. An attacker could possibly use this issue to crash the program, resulting in a denial of service. Jake Miller discovered that UltraJSON incorrectly decoded certain characters. An attacker could possibly use this issue to cause key confusion and overwrite values in dictionaries. It was discovered that UltraJSON incorrectly handled an error when reallocating a buffer for string decoding. An attacker could possibly use this issue to corrupt memory.

tags | advisory, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2021-45958, CVE-2022-31116, CVE-2022-31117
SHA-256 | ec6ddcf81a1c32520be536e38ebdd283e58f5386914c40a18c8dc5490e39e31a
Ubuntu Security Notice USN-6629-1
Posted Feb 14, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6629-1 - It was discovered that UltraJSON incorrectly handled certain input with a large amount of indentation. An attacker could possibly use this issue to crash the program, resulting in a denial of service. Jake Miller discovered that UltraJSON incorrectly decoded certain characters. An attacker could possibly use this issue to cause key confusion and overwrite values in dictionaries. It was discovered that UltraJSON incorrectly handled an error when reallocating a buffer for string decoding. An attacker could possibly use this issue to corrupt memory.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2021-45958, CVE-2022-31116, CVE-2022-31117
SHA-256 | d35aa970db759e585e1e8439b5af8a9496efa3c84d58b5fde339a617a0f22a82
Red Hat Security Advisory 2022-8864-01
Posted Dec 8, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8864-01 - UltraJSON is an ultra fast JSON encoder and decoder. Issues addressed include a double free vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-31116, CVE-2022-31117
SHA-256 | e67230567b77f746670a6a404da6ceef51f510a9fec086f28795382b22bec3ec
Red Hat Security Advisory 2022-8850-01
Posted Dec 8, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8850-01 - UltraJSON is an ultra fast JSON encoder and decoder. Issues addressed include a double free vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-31116, CVE-2022-31117
SHA-256 | 76f0a629c54ceda79fbc369649abc71da962c847f0728c2ddc0393ba7c216e1d
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    69 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close