CVE Vulnerabilities

CVE-2024-31755

NULL Pointer Dereference

Published: Apr 26, 2024 | Modified: Jun 30, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
7.5 MODERATE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Ubuntu
MEDIUM
root.io minimus.io echohq.com

cJSON v1.7.17 was discovered to contain a segmentation violation, which can trigger through the second parameter of function cJSON_SetValuestring at cJSON.c.

Weakness

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Affected Software

Name Vendor Start Version End Version
Cjson Cjson_project 1.7.17 (including) 1.7.17 (including)
Red Hat Satellite 6.15 for RHEL 8 RedHat cjson-0:1.7.18-1.el8sat *
Red Hat Satellite 6.15 for RHEL 8 RedHat cjson-0:1.7.18-1.el8sat *
Red Hat Satellite 6.16 for RHEL 8 RedHat cjson-0:1.7.18-1.el8sat *
Red Hat Satellite 6.16 for RHEL 8 RedHat cjson-0:1.7.18-1.el8sat *
Red Hat Satellite 6.16 for RHEL 9 RedHat cjson-0:1.7.18-1.el9sat *
Red Hat Satellite 6.16 for RHEL 9 RedHat cjson-0:1.7.18-1.el9sat *
Red Hat Satellite 6.17 for RHEL 9 RedHat cjson-0:1.7.18-1.el9sat *
Red Hat Satellite 6.17 for RHEL 9 RedHat cjson-0:1.7.18-1.el9sat *
Cjson Ubuntu esm-apps/jammy *
Cjson Ubuntu esm-apps/noble *
Cjson Ubuntu jammy *
Cjson Ubuntu mantic *
Cjson Ubuntu noble *
Cjson Ubuntu upstream *

Potential Mitigations

References