Candidate: CVE-2018-1000217
PublicDate: 2018-08-20 20:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000217
 https://github.com/DaveGamble/cJSON/issues/248
 https://github.com/DaveGamble/cJSON/commit/22a7d04fa004462e0dca35c3cc7809bea38e65f9
Description:
 Dave Gamble cJSON version 1.7.3 and earlier contains a CWE-416: Use After
 Free vulnerability in cJSON library that can result in Possible crash,
 corruption of data or even RCE. This attack appear to be exploitable via
 Depends on how application uses cJSON library. If application provides
 network interface then can be exploited over a network, otherwise just
 local.. This vulnerability appears to have been fixed in 1.7.4.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]


Patches_cjson:
upstream_cjson: released (1.7.4)
precise/esm_cjson: DNE
trusty_cjson: DNE
trusty/esm_cjson: DNE
xenial_cjson: DNE
bionic_cjson: DNE
devel_cjson: not-affected (1.7.5-1)