Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2026-29975
Deferred
More InfoOfficial Page
Source-cve@mitre.org
View Known Exploited Vulnerability (KEV) details
Published At-08 May, 2026 | 16:16
Updated At-12 May, 2026 | 14:51

lwjson 1.8.1 contains an improper input validation vulnerability in the streaming JSON parser (lwjson_stream.c). The end-of-string detection logic incorrectly identifies escaped quote characters by only checking the immediately preceding character rather than counting consecutive backslashes, causing valid JSON strings ending with an escaped backslash (like "\\") to never terminate parsing. A remote attacker can send well-formed JSON to cause applications using lwjson_stream_parse() to hang indefinitely, resulting in denial of service.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-835Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-835
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://gist.github.com/dwilliams27/b99fd41be5d6848691797042cbfc1103cve@mitre.org
N/A
https://github.com/MaJerle/lwjson/blob/develop/lwjson/src/lwjson/lwjson_stream.c#L362-L364cve@mitre.org
N/A
https://github.com/MaJerle/lwjson/tree/developcve@mitre.org
N/A
https://gist.github.com/dwilliams27/b99fd41be5d6848691797042cbfc1103134c704f-9b21-4f2e-91b3-4a467353bcc0
N/A
Hyperlink: https://gist.github.com/dwilliams27/b99fd41be5d6848691797042cbfc1103
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://github.com/MaJerle/lwjson/blob/develop/lwjson/src/lwjson/lwjson_stream.c#L362-L364
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://github.com/MaJerle/lwjson/tree/develop
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://gist.github.com/dwilliams27/b99fd41be5d6848691797042cbfc1103
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Resource: N/A
Change History
0Changes found
Details not found