CRITICAL🇵🇱 Wersja polska

CVE-2025-57052

CVSS 9.8v3.1pub. 2025-09-03upd. 2025-11-03

cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decode_array_index_from_pointer function in cJSON_Utils.c, allowing remote attackers to bypass array bounds checking and access restricted data via malformed JSON pointer strings containing alphanumeric characters.

🤖 AI Analysis
How it works

An attacker sends a specially crafted JSON pointer string containing alphanumeric characters, which is incorrectly processed by the decode_array_index_from_pointer function. This function does not properly validate array indices (CWE-129 — improper validation of array index), leading to reading data outside the permitted memory range (CWE-125 — out-of-bounds read). As a result, the array boundary checking mechanism is bypassed, and the library gains access to memory areas exceeding the allocated buffer.

Impact

A remote attacker can gain access to protected data in the application's memory, threatening the confidentiality, integrity, and availability of the system. Due to the critical CVSS score (9.8) and no authentication requirements, the vulnerability poses serious risk in any environment where the application processes untrusted JSON data.

Mitigation & patch

The cJSON library should be updated to a version higher than 1.7.18, in which the vulnerability was removed. Users of Debian distributions should apply patches published as part of debian-lts-announce (September 2025). Detailed information is available at: https://x-0r.com/posts/cJSON-Array-Index-Parsing-Vulnerability and https://lists.debian.org/debian-lts-announce/2025/09/msg00019.html

Who is affected

The cJSON library (authored by Davegamble) in versions 1.5.0 to 1.7.18 inclusive; affects all applications using the cJSON_Utils.c component

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Davegamble Cjson

    APP
    Davegamble
    1.5.0 – 1.7.18
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Memory
CWE
References

Related vulnerabilities

CVE-2019-11834CRITICAL9.8ten sam produkt

cJSON before 1.7.11 allows out-of-bounds access, related to \x00 in a string literal.

CVE-2019-11835CRITICAL9.8ten sam produkt

cJSON before 1.7.11 allows out-of-bounds access, related to multiline comments.

CVE-2016-10749CRITICAL9.8ten sam produkt

parse_string in cJSON.c in cJSON before 2016-10-02 has a buffer over-read, as demonstrated by a string that be...

CVE-2018-1000217CRITICAL9.8ten sam produkt

Dave Gamble cJSON version 1.7.3 and earlier contains a CWE-416: Use After Free vulnerability in cJSON library ...

CVE-2023-50472HIGH7.5ten sam produkt

cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_SetValuestring at cJSO...