Search CVE reports
UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Versions 5.10 through 5.11.0 are vulnerable to buffer overflow or infinite loop through large indent handling. ujson.dumps() crashes the...
3 affected packages
ujson, pandas, collada2gltf
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ujson | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| pandas | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| collada2gltf | Not in release | Needs evaluation | — | Needs evaluation |
UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Versions 5.4.0 through 5.11.0 contain an accumulating memory leak in JSON parsing large (outside of the range [-2^63, 2^64 - 1])...
3 affected packages
pandas, ujson, collada2gltf
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| pandas | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ujson | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| collada2gltf | Not in release | Needs evaluation | — | Needs evaluation |
Some fixes available: 4 of 25
UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice....
3 affected packages
collada2gltf, pandas, ujson
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| collada2gltf | Not in release | Needs evaluation | Not in release | Needs evaluation |
| pandas | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ujson | Not affected | Fixed | Fixed | Fixed |
Some fixes available: 4 of 24
UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Affected versions were found to improperly decode certain characters. JSON strings that contain escaped surrogate characters not part of...
3 affected packages
collada2gltf, pandas, ujson
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| collada2gltf | Not in release | Needs evaluation | Not in release | Needs evaluation |
| pandas | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ujson | Not affected | Fixed | Fixed | Fixed |
Some fixes available: 4 of 21
UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode). Exploitation can, for example, use a large amount of indentation.
2 affected packages
pandas, ujson
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| pandas | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ujson | Not affected | Fixed | Fixed | Fixed |