CVE-2018-1000215 - Vulnerability Details - OpenCVE

Dave Gamble cJSON version 1.7.6 and earlier contains a CWE-772 vulnerability in cJSON library that can result in Denial of Service (DoS). This attack appear to be exploitable via If the attacker can force the data to be printed and the system is in low memory it can force a leak of memory. This vulnerability appears to have been fixed in 1.7.7.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Davegamble	Cjson

Configuration 1 [-]

cpe:2.3:a:davegamble:cjson:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/DaveGamble/cJSON/issues/267

History

Tue, 22 Jul 2025 18:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Davegamble Davegamble cjson
CPEs	cpe:2.3:a:cjson_project:cjson::::::::	cpe:2.3:a:davegamble:cjson::::::::
Vendors & Products	Cjson Project Cjson Project cjson	Davegamble Davegamble cjson

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-08-20T20:00:00Z

Updated: 2024-09-16T20:52:02.538Z

Reserved: 2018-08-20T00:00:00Z

Link: CVE-2018-1000215

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-08-20T20:29:00.487

Modified: 2025-07-22T18:17:45.530

Link: CVE-2018-1000215

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "dateAssigned": "2018-08-02T00:00:00", "descriptions": [{"lang": "en", "value": "Dave Gamble cJSON version 1.7.6 and earlier contains a CWE-772 vulnerability in cJSON library that can result in Denial of Service (DoS). This attack appear to be exploitable via If the attacker can force the data to be printed and the system is in low memory it can force a leak of memory. This vulnerability appears to have been fixed in 1.7.7."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-08-20T20:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/DaveGamble/cJSON/issues/267"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "DATE_ASSIGNED": "2018-08-02T16:41:53.505150", "DATE_REQUESTED": "2018-07-23T16:30:00", "ID": "CVE-2018-1000215", "REQUESTER": "secure@veritas.com", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Dave Gamble cJSON version 1.7.6 and earlier contains a CWE-772 vulnerability in cJSON library that can result in Denial of Service (DoS). This attack appear to be exploitable via If the attacker can force the data to be printed and the system is in low memory it can force a leak of memory. This vulnerability appears to have been fixed in 1.7.7."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/DaveGamble/cJSON/issues/267", "refsource": "CONFIRM", "url": "https://github.com/DaveGamble/cJSON/issues/267"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T12:40:46.860Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/DaveGamble/cJSON/issues/267"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-1000215", "datePublished": "2018-08-20T20:00:00Z", "dateReserved": "2018-08-20T00:00:00Z", "dateUpdated": "2024-09-16T20:52:02.538Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:davegamble:cjson:*:*:*:*:*:*:*:*", "matchCriteriaId": "AA8C3364-5401-4D50-9748-84BE624C72AE", "versionEndIncluding": "1.7.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Dave Gamble cJSON version 1.7.6 and earlier contains a CWE-772 vulnerability in cJSON library that can result in Denial of Service (DoS). This attack appear to be exploitable via If the attacker can force the data to be printed and the system is in low memory it can force a leak of memory. This vulnerability appears to have been fixed in 1.7.7."}, {"lang": "es", "value": "Dave Gamble cJSON en versiones 1.7.6 y anteriores contiene una vulnerabilidad CWE-772 en la librer\u00eda cJSON que puede resultar en una denegaci\u00f3n de servicio (DoS). Este ataque parece ser explotable si el atacante puede forzar los datos que se van a imprimir y el sistema tiene poca memoria, en cuyo caso podr\u00eda forzar una fuga de memoria. La vulnerabilidad parece haber sido solucionada en la versi\u00f3n 1.7.7."}], "id": "CVE-2018-1000215", "lastModified": "2025-07-22T18:17:45.530", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-08-20T20:29:00.487", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/DaveGamble/cJSON/issues/267"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/DaveGamble/cJSON/issues/267"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-772"}], "source": "nvd@nist.gov", "type": "Primary"}]}