CVE-2021-45958
Published: Dec 31, 2021
Modified: Aug 4, 2024
PUBLISHED
Description
UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode). Exploitation can, for example, use a large amount of indentation.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36009 (x_refsource_MISC)
https://github.com/ultrajson/ultrajson/issues/501 (x_refsource_MISC)
https://github.com/ultrajson/ultrajson/pull/504 (x_refsource_CONFIRM)
[debian-lts-announce] 20220226 [SECURITY] [DLA 2929-1] ujson security update (mailing-list, x_refsource_MLIST)
FEDORA-2022-dbf6e00ba8 (vendor-advisory, x_refsource_FEDORA)
FEDORA-2022-569b6b45e2 (vendor-advisory, x_refsource_FEDORA)
FEDORA-2022-d1452fd421 (vendor-advisory, x_refsource_FEDORA)
FEDORA-2022-33e816bc37 (vendor-advisory, x_refsource_FEDORA)