[Buildroot] [PATCH] package/cjson: security bump to version 1.7.19
Julien Olivain
ju.o at free.fr
Tue Sep 16 18:53:47 UTC 2025
On 16/09/2025 11:31, Peter Korsgaard wrote:
> Fixes the following security issue:
>
> CVE-2025-57052: cJSON 1.5.0 through 1.7.18 allows out-of-bounds access
> via
> the decode_array_index_from_pointer function in cJSON_Utils.c, allowing
> remote attackers to bypass array bounds checking and access restricted
> data
> via malformed JSON pointer strings containing alphanumeric characters
>
> https://nvd.nist.gov/vuln/detail/CVE-2025-57052
> https://x-0r.com/posts/cJSON-Array-Index-Parsing-Vulnerability
> https://github.com/DaveGamble/cJSON/commit/74e1ff4994aa4139126967f6d289b675b4b36fef
> https://github.com/DaveGamble/cJSON/releases/tag/v1.7.19
>
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
Applied to master, thanks.
More information about the buildroot
mailing list