7.8
CVE-2022-45494
- EPSS 0.41%
- Veröffentlicht 31.01.2023 22:15:08
- Zuletzt bearbeitet 27.03.2025 19:15:45
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginBuffer overflow vulnerability in function json_parse_object in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to code arbitrary code and gain escalated privileges.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Json.H Project ≫ Json.H Version < 2022-11-14
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.41% | 0.328 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.
https://github.com/hyrathon/trophies/security/advisories/GHSA-wvpq-p7pp-cj6m
https://github.com/sheredom/json.h
https://github.com/sheredom/json.h/issues/93
https://github.com/sheredom/json.h/issues/97