Out-of-Bounds Write Affecting ujson package, versions [1.34,5.2.0)


Severity

Recommended
0.0
high
0
10

CVSS assessment made by Snyk's Security Team. Learn more

Threat Intelligence

EPSS
0.1% (43rd percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-PYTHON-UJSON-2359034
  • published23 Jan 2022
  • disclosed21 Jan 2022
  • creditOSS-Fuzz

Introduced: 21 Jan 2022

CVE-2021-45958  (opens in a new tab)
CWE-787  (opens in a new tab)

How to fix?

Upgrade ujson to version 5.2.0 or higher.

Overview

ujson is an Ultra fast JSON encoder and decoder for Python

Affected versions of this package are vulnerable to Out-of-Bounds Write via a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode).

CVSS Scores

version 3.1