Stack-Based Buffer Overflow in UltraJSON Library
CVE-2021-45958

5.5 MEDIUM

Key Information:

Status:
Vendor:
CVE Published: 1 January 2022

What is CVE-2021-45958?

The UltraJSON library (ujson) is susceptible to a stack-based buffer overflow in the Buffer_AppendIndentUnchecked function, which is invoked during encoding. An attacker who can supply an overly large indentation value to the encoder can trigger the overflow, potentially leading to memory corruption and execution of arbitrary code. Users of UltraJSON versions 5.1.0 and earlier should apply the relevant security update to mitigate the risk.
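The practical mitigation on the caller's side, until the library is upgraded, is to never pass an attacker-influenced indentation width through to the encoder. The wrapper below is an added example, not code from the advisory or from the ujson project: it bounds the indent argument to a small policy limit (MAX_INDENT is a constructed value), and only routes to ujson when the installed version lies outside the affected range named above (5.1.0 and earlier); otherwise it falls back to the standard library json module. It assumes ujson exposes a __version__ attribute, and it parses the version numerically so that a string comparison ("5.10.0" < "5.2.0") cannot misclassify a fixed release.

```python
"""Defensive wrapper around ujson.dumps that bounds the indent argument.

Added example (not from the advisory or the ujson project). Assumptions:
- MAX_INDENT is a local policy limit (constructed value, not from the page).
- ujson exposes __version__ (assumed); if ujson is not installed the wrapper
  falls back to the standard library json module.
"""
import json
from typing import Any, Tuple

try:
    import ujson  # type: ignore
except ImportError:  # ujson not installed: stdlib path only
    ujson = None

# Last affected release named by the advisory for CVE-2021-45958.
LAST_AFFECTED = (5, 1, 0)
# Constructed policy limit: pretty-printing never needs more than a few
# spaces per nesting level, so anything larger is rejected up front.
MAX_INDENT = 8


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '5.1.0' (or '5.2.0rc1') into a comparable tuple of ints."""
    parts = []
    for piece in text.split("."):
        digits = ""
        for ch in piece:
            if ch.isdigit():
                digits += ch
            else:
                break  # drop pre-release suffixes such as 'rc1'
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def ujson_is_affected(version: str) -> bool:
    """True if the given ujson version is within the advisory's affected range."""
    return parse_version(version) <= LAST_AFFECTED


def validate_indent(indent: Any) -> int:
    """Accept only small non-negative ints (bool is excluded on purpose)."""
    if isinstance(indent, bool) or not isinstance(indent, int):
        raise TypeError("indent must be an int")
    if indent < 0 or indent > MAX_INDENT:
        raise ValueError(f"indent must be in 0..{MAX_INDENT}, got {indent}")
    return indent


def safe_dumps(obj: Any, indent: int = 0) -> str:
    """Serialize obj, using ujson only when the indent is bounded and the
    installed ujson is outside the affected range; otherwise use json."""
    indent = validate_indent(indent)
    installed = getattr(ujson, "__version__", "0") if ujson is not None else "0"
    if ujson is not None and not ujson_is_affected(installed):
        return ujson.dumps(obj, indent=indent)
    # In ujson, indent=0 means compact output; the json module uses None.
    return json.dumps(obj, indent=indent if indent > 0 else None)


if __name__ == "__main__":
    print(safe_dumps({"user": "alice", "roles": ["admin"]}, indent=2))
```

Rejecting the oversized value before the call is what matters here: the version gate is a convenience for mixed environments, but the input bound is what removes the attacker's control over the stack allocation regardless of which encoder ends up running.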

References

CVSS V3.1

Score: 5.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability reserved