← voltar
CVE-2026-29975

CVE-2026-29975

CVSS 7.5 HIGHEPSS 0.4%CWE-835
Vexday Risk Score
21Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 7.5EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
08 mai 2026Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
lwjson 1.8.1 contains an improper input validation vulnerability in the streaming JSON parser (lwjson_stream.c). The end-of-string detection logic incorrectly identifies escaped quote characters by only checking the immediately preceding character rather than counting consecutive backslashes, causing valid JSON strings ending with an escaped backslash (like "\\") to never terminate parsing. A remote attacker can send well-formed JSON to cause applications using lwjson_stream_parse() to hang indefinitely, resulting in denial of service.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://gist.github.com/dwilliams27/b99fd41be5d6848691797042cbfc1103https://github.com/MaJerle/lwjson/blob/develop/lwjson/src/lwjson/lwjson_stream.c#L362-L364https://github.com/MaJerle/lwjson/tree/develop