CVE-2010-1666: Improper Restriction of Operations within the Bounds of a Memory Buffer in python-cjson
(updated )
Buffer overflow in Dan Pascu python-cjson 1.0.5, when UCS-4 encoding is enabled, allows context-dependent attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors involving crafted Unicode input to the cjson.encode function.
References
- bugs.launchpad.net/ubuntu/+source/python-cjson/+bug/585274
- github.com/AGProjects/python-cjson
- github.com/AGProjects/python-cjson/commit/dc2b8781b8666de5ca707318521f554904fdd690
- github.com/advisories/GHSA-cqmh-mpx2-g633
- github.com/pypa/advisory-database/tree/main/vulns/python-cjson/PYSEC-2010-30.yaml
- nvd.nist.gov/vuln/detail/CVE-2010-1666
Code Behaviors & Features
Detect and mitigate CVE-2010-1666 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →