CVE-2016-4303 (iperf, leap, opensuse, suse_package_hub_for_suse_linux_enterprise)

The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a non-hex character in a JSON string, which triggers a heap-based buffer overflow.

Source: CVE-2016-4303 (iperf, leap, opensuse, suse_package_hub_for_suse_linux_enterprise)