CVE-2018-1000215

EPSS 0.68%
Published 20.08.2018 20:29:00
Last modified 22.07.2025 18:17:45
Source cve@mitre.org
Teams watchlist Login
Open Login

Dave Gamble cJSON version 1.7.6 and earlier contains a CWE-772 vulnerability in cJSON library that can result in Denial of Service (DoS). This attack appear to be exploitable via If the attacker can force the data to be printed and the system is in low memory it can force a leak of memory. This vulnerability appears to have been fixed in 1.7.7.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Davegamble ≫ Cjson Version <= 1.7.6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.68%	0.706

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-772 Missing Release of Resource after Effective Lifetime

The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.

https://github.com/DaveGamble/cJSON/issues/267

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-1000215

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-1000215

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-1000215

EUVD