Closed Up-wind closed 5 months ago
Hi @Up-wind Thanks for your work.
IMHO security issues should be discussed in private. Besides this, it would be appreciated if you requested a CVE after a version containing a fix is released, so that downstream users can upgrade as soon as the CVE is published.
To achieve this, I will update the GH security pages later.
Hi @Alanscut Thank you for teaching me an important lesson.
I apologize for my recklessness in discussing a security issue in public and requesting a CVE before a fixed version was released. I hope that this issue will not affect any downstream projects.
I actually quite agree with what you said, but I was just new to this. I had seen someone do this before, so I naively thought that it was a proper way to request a CVE.
Sorry again. I will follow the security rules next time.
Hi,
When fuzzing the cJSON library, I found a segmentation fault in `cJSON_SetValuestring`. If the `valuestring` passed to `cJSON_SetValuestring` is `NULL`, a null pointer dereference will happen in the following statements:

The PoC is as follows:

The null pointer dereference here can potentially cause a denial of service (DoS). Maybe we can check it before `strlen()`, just like `object->valuestring` did.

Affected Version
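As an added illustration, not code from cJSON or from the issue above: a minimal stand-in setter (hypothetical `json_str_set`, `json_str_new`, `json_str_free` and a one-field `json_str` struct) that applies the check the report asks for, rejecting a `NULL` `valuestring` (and a node whose own `valuestring` is `NULL`) before `strlen()` ever runs, while keeping the overwrite-in-place / grow-the-buffer behaviour of a setter.

```c
#include <stdlib.h>
#include <string.h>

/* Minimal stand-in for a JSON string node; an assumption, not cJSON's real struct. */
typedef struct { char *valuestring; } json_str;

/* Hardened setter: every pointer that strlen()/memcpy() would dereference
 * is checked first, so a NULL argument yields NULL instead of a crash. */
char *json_str_set(json_str *object, const char *valuestring)
{
    size_t new_len;
    char *copy;

    if (object == NULL || object->valuestring == NULL || valuestring == NULL) {
        return NULL;            /* the guard the report asks for, ahead of strlen() */
    }
    new_len = strlen(valuestring);
    if (new_len <= strlen(object->valuestring)) {
        memcpy(object->valuestring, valuestring, new_len + 1); /* fits: overwrite in place */
        return object->valuestring;
    }
    copy = malloc(new_len + 1);
    if (copy == NULL) {
        return NULL;
    }
    memcpy(copy, valuestring, new_len + 1);
    free(object->valuestring);  /* does not fit: replace the buffer */
    object->valuestring = copy;
    return copy;
}

/* Builds a node owning a heap copy of s (a NULL s gives a node with no buffer). */
json_str *json_str_new(const char *s)
{
    json_str *node = calloc(1, sizeof *node);
    if (node != NULL && s != NULL) {
        node->valuestring = malloc(strlen(s) + 1);
        if (node->valuestring == NULL) { free(node); return NULL; }
        memcpy(node->valuestring, s, strlen(s) + 1);
    }
    return node;
}

void json_str_free(json_str *node)
{
    if (node != NULL) { free(node->valuestring); free(node); }
}
```

Calling `json_str_set(node, NULL)` on a valid node returns `NULL` and leaves the node unchanged, which is the behaviour the report wants instead of the segmentation fault.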