CVE-2018-1000217: Use After Free
First published: Mon Aug 20 2018(Updated: )
Dave Gamble cJSON version 1.7.3 and earlier contains a CWE-416: Use After Free vulnerability in cJSON library that can result in Possible crash, corruption of data or even RCE. This attack appear to be exploitable via Depends on how application uses cJSON library. If application provides network interface then can be exploited over a network, otherwise just local.. This vulnerability appears to have been fixed in 1.7.4.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cjson Project Cjson | <1.7.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-1000217?
CVE-2018-1000217 is a vulnerability in the cJSON library, specifically version 1.7.3 and earlier, that allows for a use after free attack.
What is the severity of CVE-2018-1000217?
CVE-2018-1000217 has a severity level of 9.8, which is classified as critical.
How does CVE-2018-1000217 affect software?
CVE-2018-1000217 affects software that uses the cJSON library, specifically version 1.7.3 and earlier.
What risks are associated with CVE-2018-1000217?
CVE-2018-1000217 can lead to a crash, data corruption, or even remote code execution.
How can I fix CVE-2018-1000217?
To fix CVE-2018-1000217, it is recommended to update to version 1.7.4 or later of the cJSON library.
- collector/nvd-index
- agent/author
- agent/references
- agent/weakness
- agent/severity
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- vendor/cjson project
- canonical/cjson project cjson