{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T23:43:36.839","vulnerabilities":[{"cve":{"id":"CVE-2018-1000217","sourceIdentifier":"cve@mitre.org","published":"2018-08-20T20:29:00.737","lastModified":"2025-07-22T18:17:45.530","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Dave Gamble cJSON version 1.7.3 and earlier contains a CWE-416: Use After Free vulnerability in cJSON library that can result in Possible crash, corruption of data or even RCE. This attack appear to be exploitable via Depends on how application uses cJSON library. If application provides network interface then can be exploited over a network, otherwise just local.. This vulnerability appears to have been fixed in 1.7.4."},{"lang":"es","value":"Dave Gamble cJSON en versiones 1.7.3 y anteriores contiene una vulnerabilidad CWE-416: Uso de memoria previamente liberada en la librería cJSON que puede resultar en un posible cierre inesperado, la corrupción de los datos o incluso un RCE. El ataque parece ser explotable dependiendo del uso que le da la aplicación a la librería cJSON. Si la aplicación proporciona una interfaz de red, entonces se puede explotar a través de la red. En caso contrario, se ejecutaría de manera local. La vulnerabilidad parece haber sido solucionada en la versión 1.7.4."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:davegamble:cjson:*:*:*:*:*:*:*:*","versionEndExcluding":"1.7.4","matchCriteriaId":"100CD60C-A820-4F44-A5CC-7546B02045AF"}]}]}],"references":[{"url":"https://github.com/DaveGamble/cJSON/issues/248","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/DaveGamble/cJSON/issues/248","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}