Update dependency ujson to v5.13.0 [SECURITY]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
ujson	==5.9.0 → ==5.13.0

---

UltraJSON has an integer overflow handling large indent leads to buffer overflow or infinite loop

CVE-2026-32875 / GHSA-c8rr-9gxc-jprv

More information

Details

Summary

ujson.dumps() crashes the Python interpreter (segmentation fault) when the product of the indent parameter and the nested depth of the input exceeds INT32_MAX. It can also get stuck in an infinite loop if the indent is a large negative number. Both are caused by an integer overflow/underflow whilst calculating how much memory to reserve for indentation. And both can be used to achieve denial of service.

(Note: A negative indent to ujson means add spaces after colons but do not add line breaks or indentation. It is unclear to the current maintainers whether this was ever even an intended feature or just a byproduct of the way it was written.)

Exploitability

To be vulnerable, a service must call ujson.dump()/ujson.dumps()/ujson.encode() whilst giving untrusted users control over the indent parameter and not restrict that indentation to reasonably small non-negative values. (Even with the fix for this vulnerability, such usage is strongly advised against since even a bug-free JSON serialiser would be vulnerable to denial of service simply by the attacker requesting indents that have the server needlessly filling out gigabytes of whitespace.)

A service may also be vulnerable to the infinite loop if it uses a fixed negative indent. An underflow always occurs for any negative indent when the input data is at least one level nested but, for small negative indents, the underflow is usually accidentally rectified by another overflow. As far as the maintainers are aware, the infinite loop can not be reached for indentations from -1 to -65536 / max_recursion_depth_as_limited_by_stack_size but users of negative indents are encouraged to consider their service affected even if the infinite loop seems unreachable.

Example

import ujson

def example(depth, indent):
    a = [0]
    for i in range(1000):
        a = [a]
    ujson.dumps(a, indent=indent)

example(1, 2**30)  # segfault
example(1000, -200)  # infinite loop

Patches

ujson 5.12.0, containing 486bd4553dc471a1de11613bc7347a6b318e37ea, promotes the integer types where the overflow occurred, skips the indentation code path for negative indent (which was supposed to be a no-op) and places an artificial cap of 1000 on the indent parameter.

Workarounds

Users who don't wish to upgrade can either use a fixed indentation, no indentation or ensure indentation is non-negative and not enormous (below 2**31 / max_recursion_depth_as_limited_by_stack_size).

References

The original bug report can be found at https://github.com/ultrajson/ultrajson/issues/700

This issue was independently discovered by @​coco1629, @​EthanKim88 and @​vmfunc.

Severity

• CVSS Score: 7.5 / 10 (High)
• Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

• https://github.com/ultrajson/ultrajson/security/advisories/GHSA-c8rr-9gxc-jprv
• https://nvd.nist.gov/vuln/detail/CVE-2026-32875
• https://github.com/ultrajson/ultrajson/issues/700
• https://github.com/ultrajson/ultrajson/commit/486bd4553dc471a1de11613bc7347a6b318e37ea
• https://github.com/ultrajson/ultrajson

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

---

UltraJSON has a Memory Leak parsing large integers allows DoS

CVE-2026-32874 / GHSA-wgvc-ghv9-3pmm

More information

Details

Summary

ujson 5.4.0 to 5.11.0 inclusive contain an accumulating memory leak in JSON parsing large (outside of the range [-2^63, 2^64 - 1]) integers.

Exploitability

Any service that calls ujson.load()/ujson.loads()/ujson.decode() on untrusted inputs is affected and vulnerable to denial of service attacks.

Details

The leaked memory is a copy of the string form of the integer plus an additional NULL byte. The leak occurs irrespective of whether the integer parses successfully or is rejected due to having more than sys.get_int_max_str_digits() digits, meaning that any sized leak per malicious JSON can be achieved provided that there is no limit on the overall size of the payload.

ujson.loads(str(2 ** 64 - 1))  # No leak
ujson.loads(str(2 ** 64))  # Leaks
ujson.loads(str(10 ** sys.get_int_max_str_digits()))  # Leaks and raises ValueError

Fix

The leak is fixed in ujson 5.12.0 (4baeb950df780092bd3c89fc702a868e99a3a1d2). There are no workarounds beyond upgrading to an unaffected version.

Credits

Discovered by Cameron Criswell/Skevros using Coverage-guided fuzzing (libFuzzer + AddressSanitizer)

Severity

• CVSS Score: 7.5 / 10 (High)
• Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

• https://github.com/ultrajson/ultrajson/security/advisories/GHSA-wgvc-ghv9-3pmm
• https://nvd.nist.gov/vuln/detail/CVE-2026-32874
• https://github.com/ultrajson/ultrajson/commit/4baeb950df780092bd3c89fc702a868e99a3a1d2
• https://github.com/ultrajson/ultrajson
• https://github.com/ultrajson/ultrajson/releases/tag/5.12.0

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

---

UltraJSON has a Memory Leak in ujson.dump() on Write Failure

CVE-2026-44660 / GHSA-c38f-wx89-p2xg

More information

Details

Summary

When ujson.dump() writes to a file-like object and the write operation raises an exception, the serialized JSON string object is not decremented, leaking memory. Each failed write operation leaks the full size of the serialized payload.

Code that uses ujson.dumps() rather than ujson.dump() or only JSON load/decode methods is unaffected.

Details

Vulnerability Location:

• src/ujson/python/objToJSON.c:913 - objToJSONFile() function start
• src/ujson/python/objToJSON.c:931 - Error return on write failure
• src/ujson/python/objToJSON.c:942 - Early return without cleanup

Root Cause:

The objToJSONFile() function allocates a Python string object via ujson_dumps_internal(), calls the file's write() method, and returns early if write() raises an exception—but never calls Py_DECREF(string) on the early exit path.

PoC

import gc, tracemalloc, ujson

class BadFile:
    def write(self, s):
        raise RuntimeError("boom")

obj = {"x": "A" * 200000}

def run():
    try:
        ujson.dump(obj, BadFile())
    except RuntimeError:
        pass

run()
tracemalloc.start()
gc.collect()
base = tracemalloc.get_traced_memory()[0]

for i in range(5):
    run()
    gc.collect()
    cur = tracemalloc.get_traced_memory()[0]
    print(i, cur - base)

Impact

Any application that serializes data through ujson.dump() to an attacker-influenced file-like object that can fail can be driven into linear memory growth. An attacker can quickly use up all the memory of say a web server that sends JSON responses using ujson.dump() by repeatedly making requests then closing the connection mid response.

Remediation

The missing dec-refs were added in 82af1d0ac01d09aa40c887b460d44b9d9f4bccd9. We recommend upgrading to UltraJSON 5.12.1.

Workarounds

Replacing ujson.dump(obj, file) with file.write(ujson.dumps(obj)) is equivalent (contrary to popular misconception, there are no streaming benefits to using ujson.dump()) and will avoid the memory leak.

Severity

• CVSS Score: 8.7 / 10 (High)
• Vector String: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

References

• https://github.com/ultrajson/ultrajson/security/advisories/GHSA-c38f-wx89-p2xg
• https://nvd.nist.gov/vuln/detail/CVE-2026-44660
• https://github.com/ultrajson/ultrajson/commit/82af1d0ac01d09aa40c887b460d44b9d9f4bccd9
• https://github.com/ultrajson/ultrajson
• https://github.com/ultrajson/ultrajson/releases/tag/5.12.1

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

---

UltraJSON: Malformed/Truncated UTF-8 Accepted and Silently Rewritten in ujson.dumps()

CVE-2026-54911 / GHSA-3j69-69wj-xqx2

More information

Details

Summary

ujson.dumps() (or ujson.dump() or ujson.encode()) have a reject_bytes=False option. When set, they may accept malformed or truncated UTF-8 byte sequences, silently rewriting them into different Unicode characters instead of rejecting them. This leads to input validation bypass and data integrity issues.

Details

The expected behavior is that for x being any bytes string, x == ujson.loads(ujson.dumps(x, reject_bytes=False)).encode(errors="surrogatepass") should always either be true or ujson.dumps() will throw an exception. In reality, some strings which should've been errors are silently rewritten as other strings:

• Invalid continuation bytes are replaced with valid ones: b'\xcf\x13' -> b'\xcf\x93'
• Unterminated sequence completes the sequence: b'\xc3' -> b'\xc3\x80'
• ... or leads to reading past the end of string: b'\xf0\x90\x94' -> b"\xf0\x90\x94\x80inxcontrib'"

Impact

An application relying on reject_bytes=False for UTF-8 handling may experience:

• Data integrity issues
• Experience validation bypass if said validation occurs before serialisation

Remediation

The missing/broken UTF-8 validation checks were added/fixed in ultrajson/ultrajson@169eaf3. We recommend upgrading to UltraJSON 5.13.0.

Workarounds

Decoding bytes to strings in Python before passing them to ujson.dumps() avoids this issue.

Severity

• CVSS Score: 6.5 / 10 (Medium)
• Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

References

• https://github.com/ultrajson/ultrajson/security/advisories/GHSA-3j69-69wj-xqx2
• https://github.com/ultrajson/ultrajson/commit/169eaf36b1116fece5034ee79a7a0ef3f6deedcf
• https://github.com/ultrajson/ultrajson
• https://github.com/ultrajson/ultrajson/releases/tag/5.13.0

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

---

Release Notes

ultrajson/ultrajson (ujson)

v5.13.0

Compare Source

Added

• Create manylinux2014 wheels (#​745) @​hugovk
• Add support for Python 3.15 (#​742) @​hugovk
• Disable global interpreter lock for freethreading (#​737) @​bwoodsend
• Re-enable building GraalPy wheels on macOS arm64 (#​733) @​timfel

Changed

• Move metadata from setup.cfg to pyproject.toml (#​736) @​hugovk

Fixed

• Tighten UTF-8 validation for ujson.dumps(b"...", reject_bytes=False) (169eaf3) @​bwoodsend
• Replace generated version.h with macro (#​735) @​hugovk

v5.12.1

Compare Source

Fixed

• Fix encoding ref leak with non-English character (#​714) @​nhancdt2602
• Fix memory leak when ujson.dump() is unable to write to its file (0bf630a) @​bwoodsend

Note that pre-built wheels for graalpy on macOS have been omitted from this release due to infrastructural issues building them (#​731).

v5.12.0

Compare Source

Added

• Update license field (#​693) @​wagenrace
• Build wheels for GraalPy (#​685) @​timfel

Changed

• Drop support for Python 3.9 (#​686) @​hugovk

Fixed

• Fix buffer overflow/infinite loop from indent handling (#​709) @​bwoodsend
• Remove upper bound of setuptools for PyPy (#​704) @​hugovk

v5.11.0

Compare Source

Added

• Inline type stubs (#​674) @​MarcoGorelli
• Add support for Python 3.14 (#​680) @​hugovk
• Add support for PyPy3.11 (#​658) @​hugovk
• Add Windows ARM64 wheels (#​663) @​tonybaloney

Changed

• Migrate to src/ layout (#​664) @​hugovk
• Build aarch64 wheels using native runners (#​652) @​hugovk
• Drop support for EOL Python 3.8 (#​645) @​hugovk
• Drop support for EOL PyPy3.8-PyPy3.10 (#​639, #​682) @​hugovk

Fixed

• fix(ujson.loads): raises a JSONDecodeError instead of SystemError when parsing a nested json string (#​667) @​grandnew
• Pin setuptools < 72.2 to fix build on PyPy (#​638) @​hugovk
• Update README.md example to match actual output (#​654) @​AvdN

v5.10.0

Compare Source

Added

• Add support for Python 3.13 (#​628) @​hugovk

---

Configuration

📅 Schedule: (in timezone America/Toronto)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.