VDB

CVE-2023-53154

CVE-2023-53154 PUBLISHED CVSS 2.9000000953674316 LOW

parse_string in cJSON before 1.7.18 has a heap-based buffer over-read via {"1":1, with no trailing newline if cJSON_ParseWithLength is called.

EPSS 0.09% · 25.4th percentile

Risk Scores

CVSS 3.1
2.9000000953674316
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS Score
0.09%
25.4th percentile

Affected Products

VendorProductVersions
cJSON projectcJSON0, 0
cjson_projectcjson0, 0, 0

Timeline

  • May 23, 2025 CVE Published
  • May 23, 2025 Coalition ESS Score
  • May 23, 2025 PoC Published
  • May 24, 2025 EPSS Score
  • May 28, 2025 Coalition ESS Score
  • Jun 4, 2025 EPSS Score
  • Jun 15, 2025 EPSS Score
  • Jun 16, 2025 Coalition ESS Score
  • Jun 26, 2025 EPSS Score
  • Jul 7, 2025 EPSS Score
  • Jul 18, 2025 EPSS Score
  • Jul 22, 2025 Coalition ESS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›