Skip to content

Potential Vulnerability in Cloned Code#65

Merged
sipsorcery merged 1 commit into
sipsorcery:masterfrom
tabudz:cve-2023-50472
Jan 9, 2026
Merged

Potential Vulnerability in Cloned Code#65
sipsorcery merged 1 commit into
sipsorcery:masterfrom
tabudz:cve-2023-50472

Conversation

@tabudz

@tabudz tabudz commented Dec 22, 2025

Copy link
Copy Markdown
Contributor

Summary

Our tool detected a potential vulnerability in gstreamer/cJSON.c which was cloned from DaveGamble/cJSON but did not receive the security patch applied. The original issue was reported and fixed under https://nvd.nist.gov/vuln/detail/cve-2023-50472.

Proposed Fix

Apply the same patch as the one in DaveGamble/cJSON to eliminate the vulnerability.

Reference

https://nvd.nist.gov/vuln/detail/cve-2023-50472
DaveGamble/cJSON@60ff122

@openhands-agent
add NULL checkings (#809)
dd31114 
* add NULL checks in cJSON_SetValuestring

Fixes #803(CVE-2023-50472)

* add NULL check in cJSON_InsertItemInArray

Fixes #802(CVE-2023-50471)
@sipsorcery sipsorcery merged commit 6ff9761 into sipsorcery:master Jan 9, 2026
3 of 18 checks passed
@tabudz

tabudz commented Feb 17, 2026

Copy link
Copy Markdown
Contributor Author

Hi @sipsorcery, thanks for merging our PRs. We plan to request CVEs for this issue. Just wanna make sure if you are OK with us proceeding with the CVE submissions. Thank you!

@sipsorcery

sipsorcery commented Feb 17, 2026

Copy link
Copy Markdown
Owner

@tabudz do you mean for gstreamer or for this repo? There's not a lot of point lodging one for this repo since the code here is only for itnegration tests and there are no end user apps.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@tabudz @sipsorcery @openhands-agent