Open wyywang opened 4 months ago
Hello, I noticed that the style of your fuzzcode is a bit like Hopper. May I ask if you have made any modifications to Hopper to achieve this?
@Up-wind Thank you for your interest and question. Yes, this work was a collective effort by our team. To achieve the fuzzing results, we indeed made some custom modifications to Hopper, but for various reasons, we are currently unable to open-source this customized version. Fortunately, the double free vulnerability we reported has been identified and fixed. Regarding the assignment of a CVE number, we are also looking forward to it, but that decision rests with the relevant security organizations based on their assessment and processes. We have submitted all the necessary information following the standard procedures and hope to receive a response soon. Thank you again for your attention and understanding.
Looks good.
Seems we can also do similar things to item->string
.
A pr is always welcome. :)
A pr is always welcome. :)
Thank you for addressing the issue so quickly. To track and document this vulnerability properly, could we initiate the process to obtain a CVE number for the "Double Free Vulnerability in cJSON_Delete Function"? This will help in acknowledging the security implications and ensuring it is recognized and addressed appropriately in various security advisories and databases.
As the recent security
policy declares, I think we should discuss in mails.
During a recent fuzzing session aimed at identifying memory management vulnerabilities within the cJSON library, a double free issue was uncovered in the cJSON_Delete function. This vulnerability poses a significant risk as it could potentially lead to security flaws like crashes or, in worse scenarios, arbitrary code execution if exploited. The issue arises because the function does not set the freed pointers to NULL, which might lead to their unintended reuse.
To mitigate this issue, it is recommended to set pointers to NULL immediately after they are deallocated. This change will prevent the library from accessing or freeing already freed memory, thus avoiding double free vulnerabilities. Example of suggested change:
fuzzcode: