Source: cjson
Version: 1.7.18-3
Severity: normal
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi,
The following vulnerability was published for cjson.
CVE-2023-26819[0]:
| cJSON 1.7.15 might allow a denial of service via a crafted JSON
| document such as {"a": true, "b": [ null,999999999999999999999999999
| 9999999999999999999912345678901234567]}.
[1] contains a reproducer, not sure if the problem has bene reported
upstream.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-26819
https://www.cve.org/CVERecord?id=CVE-2023-26819
[1] https://github.com/boofish/json_bugs/tree/main/cjson
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
