Skip to content

Potential Vulnerability in Cloned Code#65

Merged
sipsorcery merged 1 commit intosipsorcery:masterfrom
tabudz:cve-2023-50472
Jan 9, 2026
Merged

Potential Vulnerability in Cloned Code#65
sipsorcery merged 1 commit intosipsorcery:masterfrom
tabudz:cve-2023-50472

Conversation

@tabudz
Copy link
Contributor

@tabudz tabudz commented Dec 22, 2025

Summary

Our tool detected a potential vulnerability in gstreamer/cJSON.c which was cloned from DaveGamble/cJSON but did not receive the security patch applied. The original issue was reported and fixed under https://nvd.nist.gov/vuln/detail/cve-2023-50472.

Proposed Fix

Apply the same patch as the one in DaveGamble/cJSON to eliminate the vulnerability.

Reference

https://nvd.nist.gov/vuln/detail/cve-2023-50472
DaveGamble/cJSON@60ff122

@openhands-agent
add NULL checkings (#809)
dd31114 
* add NULL checks in cJSON_SetValuestring

Fixes #803(CVE-2023-50472)

* add NULL check in cJSON_InsertItemInArray

Fixes #802(CVE-2023-50471)
@sipsorcery sipsorcery merged commit 6ff9761 into sipsorcery:master Jan 9, 2026
3 of 18 checks passed
@tabudz
Copy link
Contributor Author

tabudz commented Feb 17, 2026

Hi @sipsorcery, thanks for merging our PRs. We plan to request CVEs for this issue. Just wanna make sure if you are OK with us proceeding with the CVE submissions. Thank you!

@sipsorcery
Copy link
Owner

sipsorcery commented Feb 17, 2026

@tabudz do you mean for gstreamer or for this repo? There's not a lot of point lodging one for this repo since the code here is only for itnegration tests and there are no end user apps.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@tabudz @sipsorcery @openhands-agent