{"id":"CVE-2021-45958","details":"UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode). Exploitation can, for example, use a large amount of indentation.","aliases":["GHSA-fh56-85cw-5pq6","PYSEC-2022-25"],"modified":"2026-04-16T04:36:36.130154636Z","published":"2022-01-01T00:15:08.813Z","related":["SUSE-SU-2023:2134-1","openSUSE-SU-2024:12106-1","openSUSE-SU-2025:15107-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CN7W3GOXALINKFUUE7ICQIC2EF5HNKUQ/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NAU5N4A7EUK2AMUCOLYDD5ARXAJYZBD2/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O6JUWQTJLA2CMG4CJN7DCUVSOXLZIIXL/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ULX35TSWLBBIMEH44MUORPXYYRZKEDC6/"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2022/02/msg00023.html"},{"type":"REPORT","url":"https://github.com/ultrajson/ultrajson/issues/501"},{"type":"REPORT","url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36009"},{"type":"FIX","url":"https://github.com/ultrajson/ultrajson/issues/502#issuecomment-1031747284"},{"type":"FIX","url":"https://github.com/ultrajson/ultrajson/pull/504"},{"type":"EVIDENCE","url":"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ujson/OSV-2021-955.yaml"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ultrajson/ultrajson","events":[{"introduced":"0"},{"fixed":"f6860f1f3d8d4e92b9be0e5815355a8976c6e75b"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"5.2.0"}]}}],"versions":["2.0.0","2.0.1","2.0.2","2.0.3","3.0.0","3.1.0","3.2.0","4.0.0","4.0.1","4.0.2","4.1.0","4.2.0","4.3.0","5.0.0","5.1.0","v1.34","v1.35"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-45958.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"35"}]},{"events":[{"introduced":"0"},{"last_affected":"36"}]},{"events":[{"introduced":"0"},{"last_affected":"37"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}