CVE-2024-47855

Name: CVE-2024-47855
Description: util/JSONTokener.java in JSON-lib before 3.1.0 mishandles an unbalanced comment string.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs: 1084191

Vulnerable and fixed packages

The table below lists information on source packages.

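| Source Package | Release | Version | Status |
|---|---|---|---|
| libjson-java (PTS) | jessie | 2.3-3 | vulnerable |
| libjson-java | buster, stretch | 2.4-3 | vulnerable |
| libjson-java | bullseye, bookworm | 2.4-3.1 | vulnerable |
| libjson-java | sid, trixie | 3.1.0+dfsg-2 | fixed |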

The information below is based on the following data on fixed versions.

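| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| libjson-java | source | jessie | (unfixed) | end-of-life | | |
| libjson-java | source | stretch | (unfixed) | end-of-life | | |
| libjson-java | source | buster | (unfixed) | end-of-life | | |
| libjson-java | source | (unstable) | 3.1.0+dfsg-1 | | | 1084191 |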

Notes

Fixed by: https://github.com/kordamp/json-lib/commit/a0c4a0eae277130e22979cf307c95dec4005a78e (v3.1.0)
