CVE-2019-1010239

Exploit

EPSS 0.47%
Published 19.07.2019 17:15:11
Last modified 22.07.2025 18:17:45
Source josh@bress.net
Teams watchlist Login
Open Login

DaveGamble/cJSON cJSON 1.7.8 is affected by: Improper Check for Unusual or Exceptional Conditions. The impact is: Null dereference, so attack can cause denial of service. The component is: cJSON_GetObjectItemCaseSensitive() function. The attack vector is: crafted json file. The fixed version is: 1.7.9 and later.

Affected products Warnungen 0 Metrics 3 CWE 2 References 6

Data is provided by the National Vulnerability Database (NVD)

Davegamble ≫ Cjson Version1.7.8

Oracle ≫ Timesten In-memory Database Version < 18.1.3.1.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.47%	0.616

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

CWE-754 Improper Check for Unusual or Exceptional Conditions

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

https://www.oracle.com/security-alerts/cpuoct2020.html

Patch

Third Party Advisory

https://github.com/DaveGamble/cJSON/commit/be749d7efa7c9021da746e685bd6dec79f9dd99b

Patch

Third Party Advisory

https://github.com/DaveGamble/cJSON/issues/315

Third Party Advisory

Exploit

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2019-1010239

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-1010239

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-1010239

EUVD