CVE-2016-4303

9.8 CRITICAL
Published: September 26, 2016 Modified: May 06, 2026
View on NVD

Description

The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a non-hex character in a JSON string, which triggers a heap-based buffer overflow.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://blog.talosintel.com/2016/06/esnet-vulnerability.html
Source: cret@cert.org
Exploit Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2016-08/msg00082.html
Source: cret@cert.org
Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2016-08/msg00090.html
Source: cret@cert.org
Mailing List Third Party Advisory
http://software.es.net/iperf/news.html#security-issue-iperf-3-1-3-iperf-3-0-12-released
Source: cret@cert.org
Release Notes Third Party Advisory
http://www.talosintelligence.com/reports/TALOS-2016-0164/
Source: cret@cert.org
Exploit Third Party Advisory
https://github.com/esnet/iperf/commit/91f2fa59e8ed80dfbf400add0164ee0e508e412a
Source: cret@cert.org
Patch Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/01/msg00023.html
Source: cret@cert.org
Mailing List Third Party Advisory
https://raw.githubusercontent.com/esnet/security/master/cve-2016-4303/esnet-secadv-2016-0001.txt.asc
Source: cret@cert.org
Third Party Advisory
http://blog.talosintel.com/2016/06/esnet-vulnerability.html
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2016-08/msg00082.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2016-08/msg00090.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://software.es.net/iperf/news.html#security-issue-iperf-3-1-3-iperf-3-0-12-released
Source: af854a3a-2127-422b-91ae-364da2661108
Release Notes Third Party Advisory
http://www.talosintelligence.com/reports/TALOS-2016-0164/
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit Third Party Advisory
https://github.com/esnet/iperf/commit/91f2fa59e8ed80dfbf400add0164ee0e508e412a
Source: af854a3a-2127-422b-91ae-364da2661108
Patch Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/01/msg00023.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
https://raw.githubusercontent.com/esnet/security/master/cve-2016-4303/esnet-secadv-2016-0001.txt.asc
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

16 reference(s) from NVD

Quick Stats

CVSS v3 Score
9.8 / 10.0
EPSS (Exploit Probability)
5.7%
90th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-120

Affected Vendors

es debian novell opensuse

Related CVEs

CVE-2026-8086 5.3
CVE-2026-8084 3.3
CVE-2026-8083 7.3
CVE-2026-44742 7.2
CVE-2026-44244 7.8