{"id":"CVE-2019-1010239","details":"DaveGamble/cJSON cJSON 1.7.8 is affected by: Improper Check for Unusual or Exceptional Conditions. The impact is: Null dereference, so attack can cause denial of service. The component is: cJSON_GetObjectItemCaseSensitive() function. The attack vector is: crafted json file. The fixed version is: 1.7.9 and later.","modified":"2026-04-11T08:55:39.236643Z","published":"2019-07-19T17:15:11.783Z","references":[{"type":"REPORT","url":"https://github.com/DaveGamble/cJSON/issues/315"},{"type":"FIX","url":"https://github.com/DaveGamble/cJSON/commit/be749d7efa7c9021da746e685bd6dec79f9dd99b"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuoct2020.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/davegamble/cjson","events":[{"introduced":"0"},{"last_affected":"08103f048e5f54c8f60aaefda16761faf37114f2"},{"fixed":"be749d7efa7c9021da746e685bd6dec79f9dd99b"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.7.8"}]}}],"versions":["v0.0.0","v1.0.0","v1.0.1","v1.0.2","v1.1.0","v1.2.0","v1.2.1","v1.3.0","v1.3.1","v1.3.2","v1.4.0","v1.4.1","v1.4.2","v1.4.3","v1.4.4","v1.4.5","v1.4.6","v1.4.7","v1.5.0","v1.5.1","v1.5.2","v1.5.3","v1.5.4","v1.5.5","v1.5.6","v1.5.7","v1.5.8","v1.5.9","v1.6.0","v1.7.0","v1.7.1","v1.7.2","v1.7.3","v1.7.4","v1.7.5","v1.7.6","v1.7.7","v1.7.8"],"database_specific":{"vanir_signatures":[{"id":"CVE-2019-1010239-9a71d5e9","source":"https://github.com/davegamble/cjson/commit/be749d7efa7c9021da746e685bd6dec79f9dd99b","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["224199097714152500685060613489551063673","263306131530668607124660773459305113150","101567609787641322313061128201671283971","27373886340953218651097535203678432342","94349402640710516686814555294711995288","256041248616311685493264993785715254352","249984960554289153839085472433335404881"]},"target":{"file":"tests/misc_tests.c"},"signature_version":"v1","signature_type":"Line"},{"id":"CVE-2019-1010239-cb2922af","source":"https://github.com/davegamble/cjson/commit/be749d7efa7c9021da746e685bd6dec79f9dd99b","deprecated":false,"digest":{"length":1312,"function_hash":"109269136433503758609033108952340694087"},"target":{"file":"tests/misc_tests.c","function":"main"},"signature_version":"v1","signature_type":"Function"},{"id":"CVE-2019-1010239-d54c952c","source":"https://github.com/davegamble/cjson/commit/be749d7efa7c9021da746e685bd6dec79f9dd99b","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["110158048780372033563003727122640263566","102135626717220927749796671384019011331","161798095326186906482607920762638486283","326347769658183875004517515912785408478","77015495928629426346096685545810977164","223966340855811208281438311395380140665","309066967077049681069119056470985999036"]},"target":{"file":"cJSON.c"},"signature_version":"v1","signature_type":"Line"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-1010239.json","vanir_signatures_modified":"2026-04-11T08:55:39Z","unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"18.1.3.1.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}