Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-29975
PUBLISHED
More InfoOfficial Page
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
View Known Exploited Vulnerability (KEV) details
Published At-08 May, 2026 | 00:00
Updated At-08 May, 2026 | 18:07
Rejected At-
▼CVE Numbering Authority (CNA)

lwjson 1.8.1 contains an improper input validation vulnerability in the streaming JSON parser (lwjson_stream.c). The end-of-string detection logic incorrectly identifies escaped quote characters by only checking the immediately preceding character rather than counting consecutive backslashes, causing valid JSON strings ending with an escaped backslash (like "\\") to never terminate parsing. A remote attacker can send well-formed JSON to cause applications using lwjson_stream_parse() to hang indefinitely, resulting in denial of service.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/MaJerle/lwjson/tree/develop
N/A
https://github.com/MaJerle/lwjson/blob/develop/lwjson/src/lwjson/lwjson_stream.c#L362-L364
N/A
https://gist.github.com/dwilliams27/b99fd41be5d6848691797042cbfc1103
N/A
Hyperlink: https://github.com/MaJerle/lwjson/tree/develop
Resource: N/A
Hyperlink: https://github.com/MaJerle/lwjson/blob/develop/lwjson/src/lwjson/lwjson_stream.c#L362-L364
Resource: N/A
Hyperlink: https://gist.github.com/dwilliams27/b99fd41be5d6848691797042cbfc1103
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-835CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
Type: CWE
CWE ID: CWE-835
Description: CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://gist.github.com/dwilliams27/b99fd41be5d6848691797042cbfc1103
exploit
Hyperlink: https://gist.github.com/dwilliams27/b99fd41be5d6848691797042cbfc1103
Resource:
exploit
Details not found