CVE-2022-31116: Incorrect handling of invalid surrogate pair characters

CVSS Score: 7.5 (CVSS 3.1)

Basic Information

EPSS Score: 0.32458%
Published: 7/5/2022
Updated: 1/27/2023
KEV Status: No
Technology: Python

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
| --- | --- | --- | --- |
| ujson | pip | < 5.4.0 | 5.4.0 |

Vulnerability Intelligence
Root Cause Analysis

The vulnerability stems from improper surrogate handling during JSON decoding. The commit shows critical changes in decode_string() where wchar_t was replaced with JSUINT32 (fixed 32-bit storage) and surrogate combination logic was removed. Similarly, Object_newString was modified to use Py_UCS4 instead of wchar_t. These changes directly address the root cause of incorrect surrogate preservation described in the advisory. The test case removals confirm these functions were the source of platform-dependent surrogate handling issues.
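For input screening on hosts that cannot yet move to ujson 5.4.0, the scanner below flags escaped surrogates that are not part of a proper high+low pair before the text reaches any decoder. It is an added example, not code from ujson or from this page; the function name and the sample documents are assumptions made for illustration.

```python
import re

# One JSON backslash escape: \uXXXX (hex digits captured) or any other escaped
# character. Consuming escapes as whole units keeps "\\ud800" (an escaped
# backslash followed by the plain text "ud800") from being read as a surrogate.
_ESCAPE = re.compile(r"\\(?:u([0-9A-Fa-f]{4})|.)", re.DOTALL)


def find_lone_surrogate_escapes(json_text):
    """Return (offset, code_unit) for each surrogate escape outside a high+low pair."""
    lone = []
    pending = None  # (offset, value, end_offset) of a high surrogate awaiting its low half
    for m in _ESCAPE.finditer(json_text):
        value = int(m.group(1), 16) if m.group(1) else None
        is_low = value is not None and 0xDC00 <= value <= 0xDFFF
        if pending is not None:
            # Only a low surrogate escape starting right after the high one pairs with it.
            paired = is_low and m.start() == pending[2]
            if not paired:
                lone.append(pending[:2])
            pending = None
            if paired:
                continue
        if value is None:
            continue  # ordinary escape such as \n or \\
        if 0xD800 <= value <= 0xDBFF:
            pending = (m.start(), value, m.end())
        elif is_low:
            lone.append((m.start(), value))
    if pending is not None:
        lone.append(pending[:2])  # high surrogate left unpaired at end of text
    return lone


# Constructed sample documents (not taken from the advisory or the ujson tests).
SAMPLES = {
    "valid pair": r'{"a": "\ud83d\ude00"}',
    "lone high": r'{"a": "\ud800"}',
    "reversed pair": r'{"a": "\udc00\ud800"}',
    "escaped backslash": r'{"a": "\\ud800"}',
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        hits = find_lone_surrogate_escapes(text)
        print(f"{name}: {[(off, hex(cu)) for off, cu in hits]}")
```

A non-empty result is a reason to reject or log the document at the trust boundary; the fix itself remains upgrading to the patched release.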

### Impact

_What kind of vulnerability is it? Who is impacted?_

Anyone parsing JSON from an untrusted source is vulnerable. JSON strings that contain escaped surrogate characters not part of a proper surrogate pair were decoded incorrectly. Besides