Synopsis:
cjson security updateSummary:
An update for cjson is now available for openEuler-24.03-LTSDescription:
cJSON aims to be the dumbest possible parser that you can get your job done with. It's a single file of C, and a single header file. %package devel Summary: Development files for cJSON Requires: = - Requires: pkgconfig %description devel The cjson-devel package contains libraries and header files for developing applications that use cJSON. %prep %autosetup -n cJSON-
Security Fix(es):
cJSON 1.7.15 might allow a denial of service via a crafted JSON document such as {"a": true, "b": [ null,9999999999999999999999999999999999999999999999912345678901234567]}.(CVE-2023-26819)Topic:
An update for cjson is now available for openEuler-24.03-LTS.
openEuler Security has rated this update as having a security impact of low. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.Severity:
LowAffected Component:
cjson
1.7.15-10.oe24031.7.15-10.oe24031.7.15-10.oe24031.7.15-10.oe2403Exploitability
AV:LAC:HPR:NUI:NScope
S:UImpact
C:NI:NA:L2.9/CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L