Out-of-Bounds Write Affecting ujson package, versions [1.34,5.2.0)
Snyk CVSS
- Attack Complexity: Low
- Availability: High

Threat Intelligence
- EPSS: 0.13% (47th percentile)
- Snyk ID SNYK-PYTHON-UJSON-2359034
- published 23 Jan 2022
- disclosed 21 Jan 2022
- credit OSS-Fuzz
- introduced 21 Jan 2022
- CVE-2021-45958

How to fix?
Upgrade ujson to version 5.2.0 or higher.
Overview
ujson is an ultra fast JSON encoder and decoder for Python.

Affected versions of this package are vulnerable to Out-of-Bounds Write via a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode).
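As an added example (not code from Snyk or the ujson project), the following Python audit flags pinned ujson versions that fall inside the affected range [1.34, 5.2.0) stated above, so a dependency list can be checked offline before the upgrade. The minimal numeric-dot version parser and the sample requirements lines are assumptions constructed for illustration; real projects should compare with packaging.version, which implements the full PEP 440 grammar.

```python
"""Audit pinned ujson versions against the affected range [1.34, 5.2.0)."""
import re

AFFECTED_LOW = "1.34"     # inclusive lower bound, from the advisory
FIXED_VERSION = "5.2.0"   # first fixed release, from the advisory


def parse_version(text):
    """Turn '5.2.0' into a comparable tuple, padding to three numeric parts.

    Assumption: a numeric-dot parser is enough for release versions;
    it does not understand PEP 440 pre-release or local suffixes.
    """
    parts = [int(p) for p in re.findall(r"\d+", text)[:3]]
    return tuple(parts + [0] * (3 - len(parts)))


def is_affected(version):
    """True if version lies in [1.34, 5.2.0), the advisory's affected range."""
    v = parse_version(version)
    return parse_version(AFFECTED_LOW) <= v < parse_version(FIXED_VERSION)


def audit_requirements(lines):
    """Return (name, version, affected) for each ujson entry in the lines.

    Accepts requirements.txt / pip freeze style lines such as 'ujson==4.3.0'.
    Entries that are not exactly pinned are reported with version None and
    affected None: their resolved version cannot be judged from the file.
    """
    findings = []
    for line in lines:
        line = line.split("#", 1)[0].strip()      # drop trailing comments
        m = re.match(r"^(ujson)\s*===?\s*([\w.]+)$", line, re.IGNORECASE)
        if m:
            findings.append((m.group(1).lower(), m.group(2), is_affected(m.group(2))))
        elif re.match(r"^ujson\b", line, re.IGNORECASE):
            findings.append(("ujson", None, None))
    return findings


# Constructed sample input, not taken from the advisory.
SAMPLE = ["requests==2.31.0", "ujson==4.3.0  # json speedup", "UJSON>=1.0"]

if __name__ == "__main__":
    for name, version, affected in audit_requirements(SAMPLE):
        state = {True: "AFFECTED", False: "ok", None: "unpinned, check resolved version"}
        print(f"{name} {version or '(no pin)'}: {state[affected]}")
```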