cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_SetValuestring at cJSON.c.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:9838 advisory.

    Red Hat Satellite is a system management solution that allows organizations     to configure and maintain their systems without the necessity to provide     public Internet access to their servers or other client systems. It     performs provisioning and configuration management of predefined standard     operating environments.

    Security Fix(es):

    * cjson: segmentation violation in function cJSON_InsertItemInArray (CVE-2023-50471)

    * cjson: segmentation violation in function cJSON_SetValuestring (CVE-2023-50472)

    * cjson: segmentation violation trigger through the second parameter of function cJSON_SetValuestring at     cJSON.c (CVE-2024-31755)

    * rubygem-rack: Unbounded-Parameter DoS in Rack::QueryParser (CVE-2025-46727)

    * python-sqlparse: sqlparse: parsing heavily nested list leads to denial of service (CVE-2024-4340)

    Users of Red Hat Satellite are advised to upgrade to these updated     packages, which fix these bugs.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2024:0139-1 advisory.

    - Update to 1.7.18:
      * CVE-2024-31755: NULL pointer dereference via cJSON_SetValuestring() (boo#1223420)
      * Remove non-functional list handling of compiler flags
      * Fix heap buffer overflow
      * remove misused optimization flag -01
      * Set free'd pointers to NULL whenever they are not reassigned         immediately after

    - Update to version 1.7.17 (boo#1218098, CVE-2023-50472,         boo#1218099, CVE-2023-50471):
      * Fix null reference in cJSON_SetValuestring (CVE-2023-50472).
      * Fix null reference in cJSON_InsertItemInArray (CVE-2023-50471).

    - Update to 1.7.16:
      * Add an option for ENABLE_CJSON_VERSION_SO in CMakeLists.txt
      * Add cmake_policy to CMakeLists.txt
      * Add cJSON_SetBoolValue
      * Add meson documentation
      * Fix memory leak in merge_patch
      * Fix conflicting target names 'uninstall'
      * Bump cmake version to 3.0 and use new version syntax
      * Print int without decimal places
      * Fix 'cjson_utils-static' target not exist
      * Add allocate check for replace_item_in_object
      * Fix a null pointer crash in cJSON_ReplaceItemViaPointer

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Ubuntu 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6784-1 advisory.

    It was discovered that cJSON incorrectly handled certain input. An attacker could possibly use this issue     to cause cJSON to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS and     Ubuntu 23.10. (CVE-2023-50471, CVE-2023-50472)

    Luo Jin discovered that cJSON incorrectly handled certain input. An attacker could possibly use this issue     to cause cJSON to crash, resulting in a denial of service. (CVE-2024-31755)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
240696	RHEL 8 : Satellite 6.15.5.3 Async Update (Moderate) (RHSA-2025:9838)	Nessus	Red Hat Local Security Checks	high
197933	openSUSE 15 Security Update : cJSON (openSUSE-SU-2024:0139-1)	Nessus	SuSE Local Security Checks	high
197836	Ubuntu 22.04 LTS / 23.10 / 24.04 LTS : cJSON vulnerabilities (USN-6784-1)	Nessus	Ubuntu Local Security Checks	high

Detections

Analytics

CVE-2023-50472

high

Tenable Plugins

high

high

high