CVE-2022-31116 is a vulnerability in UltraJSON (ujson), a high-performance JSON encoder and decoder implemented in pure C with Python bindings for versions 3.7 and above. The affected versions prior to 5.4.0 improperly handle JSON strings containing escaped surrogate characters that are not part of valid surrogate pairs. In Unicode, surrogate pairs are used to encode characters outside the Basic Multilingual Plane, and improper handling of lone surrogates can lead to incorrect decoding results. Specifically, ujson versions before 5.4.0 decode these lone surrogates incorrectly, which can corrupt string data and cause key confusion and value overwriting in Python dictionaries. This means that when JSON data from untrusted sources contains such malformed surrogate sequences, the resulting Python dictionary objects may have overwritten or misrepresented keys and values, potentially leading to logic errors, data integrity issues, or security flaws in applications relying on this data. From version 5.4.0 onward, UltraJSON aligns its decoding behavior with Python's standard json module by preserving lone surrogates in the parsed output, mitigating the issue. There are no known workarounds aside from upgrading to the fixed version. The vulnerability is classified under CWE-670, which relates to always-incorrect control flow implementation, indicating a fundamental flaw in how the decoder processes certain input sequences. Although no exploits are currently known in the wild, all users parsing JSON from untrusted sources with affected versions are at risk of data corruption and potential downstream impacts due to this flaw.

For European organizations, the impact of this vulnerability primarily revolves around data integrity and application reliability. Organizations that utilize UltraJSON for parsing JSON data from external or untrusted sources risk corrupted data structures, which can lead to incorrect application behavior, logic errors, or security issues such as unauthorized data manipulation or denial of service through malformed inputs. This is particularly critical for sectors handling sensitive or regulated data, such as financial services, healthcare, and government agencies, where data integrity is paramount. Additionally, applications that rely on JSON for configuration, inter-service communication, or API responses could experience subtle bugs or failures that are difficult to diagnose. While this vulnerability does not directly lead to remote code execution or privilege escalation, the potential for key confusion and value overwriting could be exploited in complex attack chains or to bypass certain application-level security controls. The lack of known exploits suggests a low immediate threat, but the widespread use of UltraJSON in Python environments means that many European organizations could be affected if they have not updated to the patched version. The vulnerability's medium severity reflects the moderate risk posed by data corruption and the potential for indirect security consequences.

The primary and most effective mitigation is to upgrade UltraJSON to version 5.4.0 or later, where the decoding behavior has been corrected to handle lone surrogates safely and consistently with the Python standard library. Organizations should audit their software dependencies to identify usage of UltraJSON versions below 5.4.0, especially in environments processing JSON from untrusted or external sources. For environments where immediate upgrading is not feasible, consider implementing input validation or sanitization layers that detect and reject JSON inputs containing malformed surrogate pairs before they reach the UltraJSON parser. Additionally, developers should review application logic that depends on JSON key uniqueness and integrity to detect anomalies that might arise from corrupted parsing results. Monitoring and logging JSON parsing errors or unexpected dictionary behaviors can help identify exploitation attempts or data corruption. Finally, organizations should incorporate this vulnerability into their software supply chain risk management and vulnerability scanning processes to ensure timely detection and remediation.