Comments (6)
Up-wind
commented on June 9, 2024
1
Hello, I noticed that the style of your fuzzcode is a bit like Hopper. May I ask if you have made any modifications to Hopper to achieve this?
from cjson.
wyywang
commented on June 9, 2024
1
@Up-wind Thank you for your interest and question. Yes, this work was a collective effort by our team. To achieve the fuzzing results, we indeed made some custom modifications to Hopper, but for various reasons, we are currently unable to open-source this customized version. Fortunately, the double free vulnerability we reported has been identified and fixed. Regarding the assignment of a CVE number, we are also looking forward to it, but that decision rests with the relevant security organizations based on their assessment and processes. We have submitted all the necessary information following the standard procedures and hope to receive a response soon. Thank you again for your attention and understanding.
from cjson.
PeterAlfredLee
commented on June 9, 2024
1
As the recent security policy declares, I think we should discuss in mails.
from cjson.
PeterAlfredLee
commented on June 9, 2024
Looks good.
Seems we can also do similar things to item->string.
from cjson.
Alanscut
commented on June 9, 2024
A pr is always welcome. :)
from cjson.
wyywang
commented on June 9, 2024
A pr is always welcome. :)
Thank you for addressing the issue so quickly. To track and document this vulnerability properly, could we initiate the process to obtain a CVE number for the "Double Free Vulnerability in cJSON_Delete Function"? This will help in acknowledging the security implications and ensuring it is recognized and addressed appropriately in various security advisories and databases.
from cjson.
Related Issues (20)
- question on vxworks 6.8 HOT 3
- cJSON_DeleteItemFromArray considers dicts and arrays equally HOT 1
- Cannot Parse JSON HOT 5
- Add a function cJSON_IsEmpty() HOT 4
- JSON Parse Error HOT 11
- Always provide valuestring
- Fix cmake export to allow cross-compilation with sysroot HOT 1
- Regression on double precision in print_number() when fix a clang compile warning
- A segmentation fault in cJSON_SetValuestring HOT 2
- Can't Install it on PI HOT 2
- cJSON_CreateStringArray and NULL items HOT 4
- Weird Commits HOT 3
- Question: JSON Minifier
- print_number() non guaranteed to be thread safe with floating point numbers
- sorry,delete it
- misc_tests fails on 1.7.18 under Windows HOT 3
- Memory Leak in the cJSON_Free HOT 2
- Bug in print_string_ptr() increment is 4 instead of 5 HOT 2
- Unable to Specify macOS min version
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cjson.