summaryrefslogtreecommitdiffstats
path: root/meta-oe/recipes-devtools
diff options
context:
space:
mode:
authorShubham Pushpkar <spushpka@cisco.com>2025-09-19 04:33:31 -0700
committerAnuj Mittal <anuj.mittal@intel.com>2025-09-23 10:16:33 +0800
commitd9e2cae64f4f7d7145c8389bc2406b5865d12893 (patch)
tree05dd7d6ae76b47a87f8823a34350cd207cd48bf7 /meta-oe/recipes-devtools
parenta5de2a57285b1332983d92e5c2cd0c9cb0a8e382 (diff)
downloadmeta-openembedded-d9e2cae64f4f7d7145c8389bc2406b5865d12893.tar.gz
cjson 1.7.18: Fix CVE-2025-57052
Upstream Repository: https://github.com/DaveGamble/cJSON.git Bug Details: https://nvd.nist.gov/vuln/detail/CVE-2025-57052 Type: Security Fix CVE: CVE-2025-57052 Score: 9.8 Patch: https://github.com/DaveGamble/cJSON/commit/74e1ff4994aa Signed-off-by: Shubham Pushpkar <spushpka@cisco.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Diffstat (limited to 'meta-oe/recipes-devtools')
-rw-r--r--meta-oe/recipes-devtools/cjson/cjson/CVE-2025-57052.patch33
-rw-r--r--meta-oe/recipes-devtools/cjson/cjson_1.7.18.bb1
2 files changed, 34 insertions, 0 deletions
diff --git a/meta-oe/recipes-devtools/cjson/cjson/CVE-2025-57052.patch b/meta-oe/recipes-devtools/cjson/cjson/CVE-2025-57052.patch
new file mode 100644
index 0000000000..ed3d4a7eba
--- /dev/null
+++ b/meta-oe/recipes-devtools/cjson/cjson/CVE-2025-57052.patch
@@ -0,0 +1,33 @@
1From e53a1413304382d562176bed91609e00b4fcf87e Mon Sep 17 00:00:00 2001
2From: Lee <peteralfredlee@gmail.com>
3Date: Fri, 5 Sep 2025 14:53:20 +0800
4Subject: [PATCH] fix the incorrect check in decode_array_index_from_pointer
5 (#957)
6
7this fixes CVE-2025-57052
8
9CVE: CVE-2025-57052
10Upstream-Status: Backport [https://github.com/DaveGamble/cJSON/commit/74e1ff4994aa]
11
12(cherry picked from commit 74e1ff4994aa4139126967f6d289b675b4b36fef)
13Signed-off-by: Shubham Pushpkar <spushpka@cisco.com>
14---
15 cJSON_Utils.c | 2 +-
16 1 file changed, 1 insertion(+), 1 deletion(-)
17
18diff --git a/cJSON_Utils.c b/cJSON_Utils.c
19index 63651df..8fa24f8 100644
20--- a/cJSON_Utils.c
21+++ b/cJSON_Utils.c
22@@ -282,7 +282,7 @@ static cJSON_bool decode_array_index_from_pointer(const unsigned char * const po
23 return 0;
24 }
25
26- for (position = 0; (pointer[position] >= '0') && (pointer[0] <= '9'); position++)
27+ for (position = 0; (pointer[position] >= '0') && (pointer[position] <= '9'); position++)
28 {
29 parsed_index = (10 * parsed_index) + (size_t)(pointer[position] - '0');
30
31--
322.44.1
33
diff --git a/meta-oe/recipes-devtools/cjson/cjson_1.7.18.bb b/meta-oe/recipes-devtools/cjson/cjson_1.7.18.bb
index bdeab3055c..67d536cf24 100644
--- a/meta-oe/recipes-devtools/cjson/cjson_1.7.18.bb
+++ b/meta-oe/recipes-devtools/cjson/cjson_1.7.18.bb
@@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=218947f77e8cb8e2fa02918dc41c50d0"
6 6
7SRC_URI = "git://github.com/DaveGamble/cJSON.git;branch=master;protocol=https \ 7SRC_URI = "git://github.com/DaveGamble/cJSON.git;branch=master;protocol=https \
8 file://run-ptest \ 8 file://run-ptest \
9 file://CVE-2025-57052.patch \
9 " 10 "
10SRCREV = "acc76239bee01d8e9c858ae2cab296704e52d916" 11SRCREV = "acc76239bee01d8e9c858ae2cab296704e52d916"
11 12