CVE-2022-45496

Buffer overflow vulnerability in function json_parse_string in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to code arbitrary code and gain escalated privileges.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
CISA-ADPADP
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 26%
VendorProductVersion
json.h_projectjson.h
𝑥
< 2022-11-14
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/hyrathon/trophies/security/advisories/GHSA-29hf-wrjw-2f28
https://github.com/sheredom/json.h/issues/92
https://github.com/hyrathon/trophies/security/advisories/GHSA-29hf-wrjw-2f28
https://github.com/sheredom/json.h/issues/92