CVE-2019-1010239

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-1010239

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-1010239.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2019-1010239

Downstream

DEBIAN-CVE-2019-1010239

Published

2019-07-19T17:15:11.783Z

Modified

2025-11-14T09:02:20.322Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

DaveGamble/cJSON cJSON 1.7.8 is affected by: Improper Check for Unusual or Exceptional Conditions. The impact is: Null dereference, so attack can cause denial of service. The component is: cJSON_GetObjectItemCaseSensitive() function. The attack vector is: crafted json file. The fixed version is: 1.7.9 and later.

References

Affected packages

Git / github.com/davegamble/cjson

Affected ranges

Type: GIT
Repo: https://github.com/davegamble/cjson
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

be749d7efa7c9021da746e685bd6dec79f9dd99b

Affected versions

v0.*

v0.0.0

v1.*

v1.0.0

v1.0.1

v1.0.2

v1.1.0

v1.2.0

v1.2.1

v1.3.0

v1.3.1

v1.3.2

v1.4.0

v1.4.1

v1.4.2

v1.4.3

v1.4.4

v1.4.5

v1.4.6

v1.4.7

v1.5.0

v1.5.1

v1.5.2

v1.5.3

v1.5.4

v1.5.5

v1.5.6

v1.5.7

v1.5.8

v1.5.9

v1.6.0

v1.7.0

v1.7.1

v1.7.2

v1.7.3

v1.7.4

v1.7.5

v1.7.6

v1.7.7

v1.7.8

Database specific

vanir_signatures

[
    {
        "signature_type": "Line",
        "source": "https://github.com/davegamble/cjson/commit/be749d7efa7c9021da746e685bd6dec79f9dd99b",
        "signature_version": "v1",
        "deprecated": false,
        "id": "CVE-2019-1010239-9a71d5e9",
        "target": {
            "file": "tests/misc_tests.c"
        },
        "digest": {
            "line_hashes": [
                "224199097714152500685060613489551063673",
                "263306131530668607124660773459305113150",
                "101567609787641322313061128201671283971",
                "27373886340953218651097535203678432342",
                "94349402640710516686814555294711995288",
                "256041248616311685493264993785715254352",
                "249984960554289153839085472433335404881"
            ],
            "threshold": 0.9
        }
    },
    {
        "signature_type": "Function",
        "source": "https://github.com/davegamble/cjson/commit/be749d7efa7c9021da746e685bd6dec79f9dd99b",
        "signature_version": "v1",
        "deprecated": false,
        "id": "CVE-2019-1010239-cb2922af",
        "target": {
            "file": "tests/misc_tests.c",
            "function": "main"
        },
        "digest": {
            "length": 1312.0,
            "function_hash": "109269136433503758609033108952340694087"
        }
    },
    {
        "signature_type": "Line",
        "source": "https://github.com/davegamble/cjson/commit/be749d7efa7c9021da746e685bd6dec79f9dd99b",
        "signature_version": "v1",
        "deprecated": false,
        "id": "CVE-2019-1010239-d54c952c",
        "target": {
            "file": "cJSON.c"
        },
        "digest": {
            "line_hashes": [
                "110158048780372033563003727122640263566",
                "102135626717220927749796671384019011331",
                "161798095326186906482607920762638486283",
                "326347769658183875004517515912785408478",
                "77015495928629426346096685545810977164",
                "223966340855811208281438311395380140665",
                "309066967077049681069119056470985999036"
            ],
            "threshold": 0.9
        }
    }
]