CVE-2021-45958 — Vulnetix

CVE-2021-45958 PUBLISHED CVSS 4.300000190734863 MEDIUM

UltraJSON vulnerable to Out-of-bounds Write

EPSS 0.29% · 52.4th percentile

Risk Scores

CVSS 2.0

4.300000190734863

EPSS Score

0.29%

52.4th percentile

Affected Products

Vendor	Product	Versions
debian	debian_linux	9.0
fedoraproject	fedora	35, 36, 37
ultrajson_project	ultrajson	0
PyPI	ujson	1.34
n/a	n/a	n/a

Exploit Intelligence

https://github.com/ultrajson/ultrajson/issues/502#issuecomment-1031747284 (circl)
https://github.com/ultrajson/ultrajson/pull/504 (circl)
[debian-lts-announce] 20220226 [SECURITY] [DLA 2929-1] ujson security update (circl)
FEDORA-2022-dbf6e00ba8 (circl)
FEDORA-2022-569b6b45e2 (circl)
FEDORA-2022-d1452fd421 (circl)
FEDORA-2022-33e816bc37 (circl)
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36009 (nist-nvd)
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ujson/OSV-2021-955.yaml (nist-nvd)
https://github.com/ultrajson/ultrajson/issues/501 (nist-nvd)

Timeline

Dec 31, 2021 CVE Published
Jan 1, 2022 EPSS Score
Feb 24, 2022 EPSS Score
Apr 19, 2022 EPSS Score
Jun 11, 2022 EPSS Score
Aug 5, 2022 EPSS Score
Sep 28, 2022 EPSS Score
Nov 21, 2022 EPSS Score
Jan 13, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 8, 2023 EPSS Score
May 1, 2023 EPSS Score

References

https://www.ibm.com/support/pages/node/7149736 advisory
https://www.ibm.com/support/pages/node/7150045 advisory
https://www.ibm.com/support/pages/node/7149967 advisory
https://www.ibm.com/support/pages/node/7149874 advisory
https://www.ibm.com/support/pages/node/7150150 advisory
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ujson/OSV-2021-955.yaml url
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36009 url
https://github.com/ultrajson/ultrajson/issues/502#issuecomment-1031747284 url
https://github.com/ultrajson/ultrajson/issues/501 url
https://github.com/ultrajson/ultrajson/pull/504 url
[debian-lts-announce] 20220226 [SECURITY] [DLA 2929-1] ujson security update mailing-list
FEDORA-2022-dbf6e00ba8 vendor-advisory
FEDORA-2022-569b6b45e2 vendor-advisory
FEDORA-2022-d1452fd421 vendor-advisory
FEDORA-2022-33e816bc37 vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2021-45958 advisory
https://github.com/ultrajson/ultrajson/pull/519 url
https://github.com/advisories/GHSA-fh56-85cw-5pq6 advisory
https://github.com/pypa/advisory-database/tree/main/vulns/ujson/PYSEC-2022-25.yaml url
https://github.com/ultrajson/ultrajson package

…and 4 more

Open in Interactive Console →

$ Console Community · 100/wk Open console ›