Is CVE-2022-31117 actively exploited?

CVE-2022-31117 has no public evidence of in-the-wild exploitation as of 2024-11-21.

What is the CVSS score for CVE-2022-31117?

CVE-2022-31117 has a CVSS score of 5.9 (MEDIUM severity). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H.

How do I patch CVE-2022-31117?

Patch guidance is available from ultrajson project security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2022-31117.

CVE-2022-31117 - remediation guidance & executive summary

Q: Which products are affected by CVE-2022-31117?

3 products: ultrajson project ultrajson, fedoraproject fedora, fedoraproject fedora.

Description

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is impossible to trigger from Python. This issue has been resolved in version 5.4.0 and all users should upgrade to UltraJSON 5.4.0. There are no known workarounds for this issue.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector: network
Complexity: high
Privileges: none
User Action: none
Scope: unchanged
Confidentiality: none
Integrity: none
Availability: high
Weaknesses: CWE-415

Metadata

Primary Vendor: ULTRAJSON_PROJECT
Published: 7/5/2022
Last Modified: 11/21/2024
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

ultrajson_project : ultrajsonfedoraproject : fedorafedoraproject : fedora

Remediation Guidance

Executive Summary

Cite this page

CVE-2022-31117. CVEDatabase.com. Retrieved 1 May 2026. https://cvedatabase.com/cve/CVE-2022-31117

View on NIST NVD

CVE-2022-31117 vulnerability