Candidate: CVE-2019-1010239
PublicDate: 2019-07-19 17:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010239
 https://github.com/DaveGamble/cJSON/commit/be749d7efa7c9021da746e685bd6dec79f9dd99b
 https://github.com/DaveGamble/cJSON/issues/315
Description:
 DaveGamble/cJSON cJSON 1.7.8 is affected by: Improper Check for Unusual or
 Exceptional Conditions. The impact is: Null dereference, so attack can
 cause denial of service. The component is:
 cJSON_GetObjectItemCaseSensitive() function. The attack vector is: crafted
 json file. The fixed version is: 1.7.9 and later.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]


Patches_cjson:
upstream_cjson: released (1.7.10-1)
precise/esm_cjson: DNE
trusty_cjson: ignored (out of standard support)
trusty/esm_cjson: DNE
xenial_cjson: DNE
bionic_cjson: DNE
disco_cjson: not-affected (1.7.10-1)
devel_cjson: not-affected