VDB
DEBIAN-CVE-2025-57052
DEBIAN-CVE-2025-57052
PUBLISHED
CVSS 9.800000190734863 CRITICAL
cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decode_array_index_from_pointer function in cJSON_Utils.c, allowing remote attackers to bypass array bounds checking and access restricted data via malformed JSON pointer strings containing alphanumeric characters.
Risk Scores
CVSS v3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | cjson | 1.7.14-1, 1.7.14-1+deb11u1, 1.7.14-1+deb11u2 |
| Debian:14 | cjson | 0, 1.7.18-3.1, 1.7.18-4 |
| Debian:12 | cjson | 1.7.15-1, 1.7.15-1, 1.7.15-1 |
| Debian:13 | cjson | 1.7.18-3.1, 0, 1.7.18-3.1 |
Timeline
- Sep 3, 2025 CVE Published
- Apr 28, 2026 CVE Updated