cvelistv5 - cve-2023-53154

CVE-2023-53154 (GCVE-0-2023-53154)

Vulnerability from cvelistv5

Published

2025-05-23 00:00

Modified

2025-11-03 19:28

Severity ?

2.9 (Low) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE

CWE-125 - Out-of-bounds Read

Summary

parse_string in cJSON before 1.7.18 has a heap-based buffer over-read via {"1":1, with no trailing newline if cJSON_ParseWithLength is called.

References

URL

Tags

cve@mitre.org	https://github.com/DaveGamble/cJSON/compare/v1.7.17...v1.7.18	Release Notes
cve@mitre.org	https://github.com/DaveGamble/cJSON/issues/800	Exploit, Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2025/06/msg00014.html
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://github.com/DaveGamble/cJSON/issues/800	Exploit, Issue Tracking, Vendor Advisory

Impacted products

	Vendor	Product	Version
	cJSON project	cJSON	Version: 0 ≤

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-53154",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-23T15:41:47.066979Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-23T15:41:58.930Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/DaveGamble/cJSON/issues/800"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T19:28:58.976Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00014.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "cJSON",
          "vendor": "cJSON project",
          "versions": [
            {
              "lessThan": "1.7.18",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:cjson_project:cjson:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.7.18",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "parse_string in cJSON before 1.7.18 has a heap-based buffer over-read via {\"1\":1, with no trailing newline if cJSON_ParseWithLength is called."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 2.9,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125 Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-23T15:16:29.711Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/DaveGamble/cJSON/compare/v1.7.17...v1.7.18"
        },
        {
          "url": "https://github.com/DaveGamble/cJSON/issues/800"
        }
      ],
      "x_generator": {
        "engine": "enrichogram 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-53154",
    "datePublished": "2025-05-23T00:00:00.000Z",
    "dateReserved": "2025-05-23T00:00:00.000Z",
    "dateUpdated": "2025-11-03T19:28:58.976Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-53154\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2025-05-23T16:15:22.080\",\"lastModified\":\"2025-11-03T20:16:06.467\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"parse_string in cJSON before 1.7.18 has a heap-based buffer over-read via {\\\"1\\\":1, with no trailing newline if cJSON_ParseWithLength is called.\"},{\"lang\":\"es\",\"value\":\"parse_string en cJSON anterior a 1.7.18 tiene una sobrelectura de b\u00fafer basada en mont\u00f3n a trav\u00e9s de {\\\"1\\\":1, sin nueva l\u00ednea final si se llama a cJSON_ParseWithLength.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cve@mitre.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":2.9,\"baseSeverity\":\"LOW\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.4,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"cve@mitre.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cjson_project:cjson:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.7.18\",\"matchCriteriaId\":\"DB89DBA4-DAFF-437E-B8C7-D9096DDD5D95\"}]}]}],\"references\":[{\"url\":\"https://github.com/DaveGamble/cJSON/compare/v1.7.17...v1.7.18\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/DaveGamble/cJSON/issues/800\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/06/msg00014.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/DaveGamble/cJSON/issues/800\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://lists.debian.org/debian-lts-announce/2025/06/msg00014.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-03T19:28:58.976Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-53154\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-23T15:41:47.066979Z\"}}}], \"references\": [{\"url\": \"https://github.com/DaveGamble/cJSON/issues/800\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-23T15:35:46.852Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 2.9, \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L\"}}], \"affected\": [{\"vendor\": \"cJSON project\", \"product\": \"cJSON\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.7.18\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://github.com/DaveGamble/cJSON/compare/v1.7.17...v1.7.18\"}, {\"url\": \"https://github.com/DaveGamble/cJSON/issues/800\"}], \"x_generator\": {\"engine\": \"enrichogram 0.0.1\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"parse_string in cJSON before 1.7.18 has a heap-based buffer over-read via {\\\"1\\\":1, with no trailing newline if cJSON_ParseWithLength is called.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-125\", \"description\": \"CWE-125 Out-of-bounds Read\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:cjson_project:cjson:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"1.7.18\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2025-05-23T15:16:29.711Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-53154\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-03T19:28:58.976Z\", \"dateReserved\": \"2025-05-23T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2025-05-23T00:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

fkie_cve-2023-53154

Vulnerability from fkie_nvd

Published

2025-05-23 16:15

Modified

2025-11-03 20:16

Severity ?

2.9 (Low) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Summary

parse_string in cJSON before 1.7.18 has a heap-based buffer over-read via {"1":1, with no trailing newline if cJSON_ParseWithLength is called.

References

URL	Tags
cve@mitre.org	https://github.com/DaveGamble/cJSON/compare/v1.7.17...v1.7.18	Release Notes
cve@mitre.org	https://github.com/DaveGamble/cJSON/issues/800	Exploit, Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2025/06/msg00014.html
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://github.com/DaveGamble/cJSON/issues/800	Exploit, Issue Tracking, Vendor Advisory

Impacted products

	Vendor	Product	Version
	cjson_project	cjson	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cjson_project:cjson:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB89DBA4-DAFF-437E-B8C7-D9096DDD5D95",
              "versionEndExcluding": "1.7.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "parse_string in cJSON before 1.7.18 has a heap-based buffer over-read via {\"1\":1, with no trailing newline if cJSON_ParseWithLength is called."
    },
    {
      "lang": "es",
      "value": "parse_string en cJSON anterior a 1.7.18 tiene una sobrelectura de b\u00fafer basada en mont\u00f3n a trav\u00e9s de {\"1\":1, sin nueva l\u00ednea final si se llama a cJSON_ParseWithLength."
    }
  ],
  "id": "CVE-2023-53154",
  "lastModified": "2025-11-03T20:16:06.467",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "LOW",
          "baseScore": 2.9,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 1.4,
        "impactScore": 1.4,
        "source": "cve@mitre.org",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-05-23T16:15:22.080",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes"
      ],
      "url": "https://github.com/DaveGamble/cJSON/compare/v1.7.17...v1.7.18"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://github.com/DaveGamble/cJSON/issues/800"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00014.html"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://github.com/DaveGamble/cJSON/issues/800"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "cve@mitre.org",
      "type": "Secondary"
    }
  ]
}

ghsa-8h4w-44qv-79mq

Vulnerability from github

Published

2025-05-23 18:32

Modified

2025-11-03 21:33

Severity ?

2.9 (Low) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Details

parse_string in cJSON before 1.7.18 has a heap-based buffer over-read via {"1":1, with no trailing newline if cJSON_ParseWithLength is called.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-53154"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-23T16:15:22Z",
    "severity": "LOW"
  },
  "details": "parse_string in cJSON before 1.7.18 has a heap-based buffer over-read via {\"1\":1, with no trailing newline if cJSON_ParseWithLength is called.",
  "id": "GHSA-8h4w-44qv-79mq",
  "modified": "2025-11-03T21:33:57Z",
  "published": "2025-05-23T18:32:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53154"
    },
    {
      "type": "WEB",
      "url": "https://github.com/DaveGamble/cJSON/issues/800"
    },
    {
      "type": "WEB",
      "url": "https://github.com/DaveGamble/cJSON/compare/v1.7.17...v1.7.18"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00014.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

msrc_cve-2023-53154

Vulnerability from csaf_microsoft

Published

2025-05-02 00:00

Modified

2025-09-04 01:32

Summary

parse_string in cJSON before 1.7.18 has a heap-based buffer over-read via {"1":1, with no trailing newline if cJSON_ParseWithLength is called.

Notes

Additional Resources

To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer

The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

JSON

To clipboard

{
  "document": {
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2023-53154 parse_string in cJSON before 1.7.18 has a heap-based buffer over-read via {\"1\":1, with no trailing newline if cJSON_ParseWithLength is called. - VEX",
        "url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2023-53154.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "parse_string in cJSON before 1.7.18 has a heap-based buffer over-read via {\"1\":1, with no trailing newline if cJSON_ParseWithLength is called.",
    "tracking": {
      "current_release_date": "2025-09-04T01:32:31.000Z",
      "generator": {
        "date": "2025-10-20T03:18:58.573Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2023-53154",
      "initial_release_date": "2025-05-02T00:00:00.000Z",
      "revision_history": [
        {
          "date": "2025-09-04T01:32:31.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "2.0",
                "product": {
                  "name": "CBL Mariner 2.0",
                  "product_id": "17086"
                }
              },
              {
                "category": "product_version",
                "name": "3.0",
                "product": {
                  "name": "Azure Linux 3.0",
                  "product_id": "17084"
                }
              }
            ],
            "category": "product_name",
            "name": "Azure Linux"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003ccbl2 apparmor 3.0.4-4",
                "product": {
                  "name": "\u003ccbl2 apparmor 3.0.4-4",
                  "product_id": "3"
                }
              },
              {
                "category": "product_version",
                "name": "cbl2 apparmor 3.0.4-4",
                "product": {
                  "name": "cbl2 apparmor 3.0.4-4",
                  "product_id": "20097"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003ccbl2 apparmor 3.0.4-5",
                "product": {
                  "name": "\u003ccbl2 apparmor 3.0.4-5",
                  "product_id": "2"
                }
              },
              {
                "category": "product_version",
                "name": "cbl2 apparmor 3.0.4-5",
                "product": {
                  "name": "cbl2 apparmor 3.0.4-5",
                  "product_id": "20386"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003cazl3 apparmor 3.1.7-1",
                "product": {
                  "name": "\u003cazl3 apparmor 3.1.7-1",
                  "product_id": "1"
                }
              },
              {
                "category": "product_version",
                "name": "azl3 apparmor 3.1.7-1",
                "product": {
                  "name": "azl3 apparmor 3.1.7-1",
                  "product_id": "20442"
                }
              }
            ],
            "category": "product_name",
            "name": "apparmor"
          },
          {
            "category": "product_name",
            "name": "azl3 ceph 18.2.2-8",
            "product": {
              "name": "azl3 ceph 18.2.2-8",
              "product_id": "5"
            }
          },
          {
            "category": "product_name",
            "name": "cbl2 libglvnd 1.3.2-5",
            "product": {
              "name": "cbl2 libglvnd 1.3.2-5",
              "product_id": "4"
            }
          },
          {
            "category": "product_name",
            "name": "azl3 libglvnd 1.7.0-2",
            "product": {
              "name": "azl3 libglvnd 1.7.0-2",
              "product_id": "6"
            }
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003ccbl2 apparmor 3.0.4-4 as a component of CBL Mariner 2.0",
          "product_id": "17086-3"
        },
        "product_reference": "3",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 apparmor 3.0.4-4 as a component of CBL Mariner 2.0",
          "product_id": "20097-17086"
        },
        "product_reference": "20097",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 ceph 18.2.2-8 as a component of Azure Linux 3.0",
          "product_id": "17084-5"
        },
        "product_reference": "5",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003ccbl2 apparmor 3.0.4-5 as a component of CBL Mariner 2.0",
          "product_id": "17086-2"
        },
        "product_reference": "2",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 apparmor 3.0.4-5 as a component of CBL Mariner 2.0",
          "product_id": "20386-17086"
        },
        "product_reference": "20386",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 libglvnd 1.3.2-5 as a component of CBL Mariner 2.0",
          "product_id": "17086-4"
        },
        "product_reference": "4",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 libglvnd 1.7.0-2 as a component of Azure Linux 3.0",
          "product_id": "17084-6"
        },
        "product_reference": "6",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003cazl3 apparmor 3.1.7-1 as a component of Azure Linux 3.0",
          "product_id": "17084-1"
        },
        "product_reference": "1",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 apparmor 3.1.7-1 as a component of Azure Linux 3.0",
          "product_id": "20442-17084"
        },
        "product_reference": "20442",
        "relates_to_product_reference": "17084"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-53154",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "flags": [
        {
          "label": "component_not_present",
          "product_ids": [
            "17084-5",
            "17086-4",
            "17084-6"
          ]
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "mitre",
          "title": "Assigning CNA"
        }
      ],
      "product_status": {
        "fixed": [
          "20097-17086",
          "20386-17086",
          "20442-17084"
        ],
        "known_affected": [
          "17086-3",
          "17086-2",
          "17084-1"
        ],
        "known_not_affected": [
          "17084-5",
          "17086-4",
          "17084-6"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-53154 parse_string in cJSON before 1.7.18 has a heap-based buffer over-read via {\"1\":1, with no trailing newline if cJSON_ParseWithLength is called. - VEX",
          "url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2023-53154.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-09-04T01:32:31.000Z",
          "details": "3.0.4-5:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "17086-3",
            "17086-2"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        },
        {
          "category": "vendor_fix",
          "date": "2025-09-04T01:32:31.000Z",
          "details": "3.1.7-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "17084-1"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 2.9,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "environmentalsScore": 0.0,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 2.9,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "17086-3",
            "17086-2",
            "17084-1"
          ]
        }
      ],
      "title": "parse_string in cJSON before 1.7.18 has a heap-based buffer over-read via {\"1\":1, with no trailing newline if cJSON_ParseWithLength is called."
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2023-53154 (GCVE-0-2023-53154)

Vulnerability from cvelistv5

fkie_cve-2023-53154

Vulnerability from fkie_nvd

ghsa-8h4w-44qv-79mq

Vulnerability from github

msrc_cve-2023-53154

Vulnerability from csaf_microsoft

Tags

Sightings

Nomenclature