How severe is CVE-2022-31117?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.9 out of 10.

What type of vulnerability is CVE-2022-31117?

This is classified as CWE-415, which is a common weakness in software security.

CVE-2022-31117

MEDIUM Year: 2022

CVSS v3 Score

5.9

Medium

CVSS v2 Score

4.3

Medium

Weakness Type

CWE-415

View all →

Vulnerability Description

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is impossible to trigger from Python. This issue has been resolved in version 5.4.0 and all users should upgrade to UltraJSON 5.4.0. There are no known workarounds for this issue.

CVE-2017-6166

MEDIUM

CVSS:5.9(Medium)

In BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe software 12.0.0 to 12.1.1, in some cases the Traffic Management Microkernel (TMM) may crash when processing fragmen...

CWE-4152017

CVE-2023-27537

MEDIUM

CVSS:5.9(Medium)

A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles". This sharing was introduced without considerations for do this sharing across separate threads b...

CWE-4152023

CVE-2024-3187

MEDIUM

CVSS:5.9(Medium)

This issue tracks two CWE-416 Use After Free (UAF) and one CWE-415 Double Free vulnerabilities in Goahead versions <= 6.0.0. These are caused by JST values not being nulled when freed during parsing o...

CWE-4152024

CVE-2020-15710

MEDIUM

CVSS:6.1(Medium)

Potential double free in Bluez 5 module of PulseAudio could allow a local attacker to leak memory or crash the program. The modargs variable may be freed twice in the fail condition in src/modules/blu...

CWE-4152020

CVE-2018-0160

MEDIUM

CVSS:6.3(Medium)

A vulnerability in Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerab...

CWE-4152018

CVE-2019-5236

MEDIUM

CVSS:6.3(Medium)

Huawei smart phones Emily-L29C with versions of 8.1.0.132a(C432), 8.1.0.135(C782), 8.1.0.154(C10), 8.1.0.154(C461), 8.1.0.154(C635), 8.1.0.156(C185), 8.1.0.156(C605), 8.1.0.159(C636) have a double fre...

CWE-4152019

CVE-2022-31117

Vulnerability Description

Related Vulnerabilities

CVE-2017-6166

CVE-2023-27537

CVE-2024-3187

CVE-2020-15710

CVE-2018-0160

CVE-2019-5236