Bugzilla – Bug 1223420
VUL-0: CVE-2024-31755: cJSON: NULL pointer dereference via cJSON_SetValuestring()
Last modified: 2024-06-05 17:05:03 UTC
cJSON v1.7.17 was discovered to contain a segmentation violation, which can be triggered through the second parameter of function cJSON_SetValuestring at cJSON.c.
References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-31755
https://www.cve.org/CVERecord?id=CVE-2024-31755
https://github.com/DaveGamble/cJSON/issues/839
https://bugzilla.redhat.com/show_bug.cgi?id=2277268
This is an autogenerated message for OBS integration: This bug (1223420) was mentioned in https://build.opensuse.org/request/show/1176530 Backports:SLE-15-SP5 / cJSON
Please process https://build.opensuse.org/request/show/1176529
openSUSE-SU-2024:0139-1: An update that fixes three vulnerabilities is now available.
Category: security (important)
Bug References: 1218098, 1218099, 1223420
CVE References: CVE-2023-50471, CVE-2023-50472, CVE-2024-31755
JIRA References:
Sources used:
openSUSE Backports SLE-15-SP5 (src): cJSON-1.7.18-bp155.3.3.1
(In reply to Andreas Stieger from comment #2)
> Please process https://build.opensuse.org/request/show/1176529
Still missing in Leap 15.6. Please process.
As per bug 1225537 now fixed in Leap 15.6, removing blocker. Tumbleweed still needs the fix.
For your reference, it was https://build.opensuse.org/request/show/1177478 for Leap 15.6
This is an autogenerated message for OBS integration: This bug (1223420) was mentioned in https://build.opensuse.org/request/show/1178793 Factory / cJSON