Search CVE reports
1 – 3 of 3 results
CVE-2022-31117
Medium prioritySome fixes available 4 of 23
UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice....
3 affected packages
collada2gltf, pandas, ujson
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| collada2gltf | Not in release | Needs evaluation | Not in release | Needs evaluation | Needs evaluation |
| pandas | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ujson | Not affected | Fixed | Fixed | Fixed | Fixed |
CVE-2022-31116
Medium prioritySome fixes available 4 of 22
UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Affected versions were found to improperly decode certain characters. JSON strings that contain escaped surrogate characters not part of...
3 affected packages
collada2gltf, pandas, ujson
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| collada2gltf | Not in release | Needs evaluation | Not in release | Needs evaluation | Needs evaluation |
| pandas | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ujson | Not affected | Fixed | Fixed | Fixed | Fixed |
CVE-2021-45958
Medium prioritySome fixes available 4 of 19
UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode). Exploitation can, for example, use a large amount of indentation.
2 affected packages
pandas, ujson
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| pandas | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ujson | Not affected | Fixed | Fixed | Fixed | Fixed |