mirror of
https://github.com/0xMarcio/cve.git
synced 2026-03-27 00:50:19 +01:00
736 B
736 B
CVE-2015-4590
Description
The extractFrom function in Internals/QuotedString.cpp in Arduino JSON before 4.5 allows remote attackers to cause a denial of service (crash) via a JSON string with a \ (backslash) followed by a terminator, as demonstrated by "\\0", which triggers a buffer overflow and over-read.
POC
Reference
No PoCs from references.