ALT-PU-2020-2322-2
Closed vulnerabilities
Published: 2020-05-11
BDU:2021-03538
Уязвимость множества компонентов библиотеки для обработки JSON файлов на языке С JSON-C, связанная с записью за границами буфера, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
Severity: HIGH (8.8)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2014-04-22
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2013-6370
Buffer overflow in the printbuf APIs in json-c before 0.12 allows remote attackers to cause a denial of service via unspecified vectors.
Severity: MEDIUM (5.0)
References:
- FEDORA-2014-5006
- FEDORA-2014-5006
- 57791
- 57791
- MDVSA-2014:079
- MDVSA-2014:079
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
- 66720
- 66720
- https://bugzilla.redhat.com/show_bug.cgi?id=1032322
- https://bugzilla.redhat.com/show_bug.cgi?id=1032322
- jsonc-cve20136370-bo(92540)
- jsonc-cve20136370-bo(92540)
- https://github.com/json-c/json-c/commit/64e36901a0614bf64a19bc3396469c66dcd0b015
- https://github.com/json-c/json-c/commit/64e36901a0614bf64a19bc3396469c66dcd0b015
Published: 2014-04-22
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2013-6371
The hash functionality in json-c before 0.12 allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted JSON data, involving collisions.
Severity: MEDIUM (5.0)
References:
- FEDORA-2014-5006
- FEDORA-2014-5006
- 57791
- 57791
- MDVSA-2014:079
- MDVSA-2014:079
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
- 66715
- 66715
- https://bugzilla.redhat.com/show_bug.cgi?id=1032311
- https://bugzilla.redhat.com/show_bug.cgi?id=1032311
- jsonc-cve20136371-dos(92541)
- jsonc-cve20136371-dos(92541)
- https://github.com/json-c/json-c/commit/64e36901a0614bf64a19bc3396469c66dcd0b015
- https://github.com/json-c/json-c/commit/64e36901a0614bf64a19bc3396469c66dcd0b015
Published: 2020-05-09
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2020-12762
json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.
Severity: HIGH (7.8)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
- https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
- https://github.com/json-c/json-c/pull/592
- https://github.com/rsyslog/libfastjson/issues/161
- [debian-lts-announce] 20200531 [SECURITY] [DLA 2228-1] json-c security update
- [debian-lts-announce] 20200531 [SECURITY] [DLA 2228-2] json-c regression update
- [debian-lts-announce] 20200730 [SECURITY] [DLA 2301-1] json-c security update
- [debian-lts-announce] 20230620 [SECURITY] [DLA 3461-1] libfastjson security update
- FEDORA-2020-847ad856ab
- FEDORA-2020-63c6f4ab1d
- FEDORA-2020-7eb7eac270
- GLSA-202006-13
- https://security.netapp.com/advisory/ntap-20210521-0001/
- USN-4360-1
- USN-4360-4
- DSA-4741
- https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
- DSA-4741
- USN-4360-4
- USN-4360-1
- https://security.netapp.com/advisory/ntap-20210521-0001/
- GLSA-202006-13
- FEDORA-2020-7eb7eac270
- FEDORA-2020-63c6f4ab1d
- FEDORA-2020-847ad856ab
- [debian-lts-announce] 20230620 [SECURITY] [DLA 3461-1] libfastjson security update
- [debian-lts-announce] 20200730 [SECURITY] [DLA 2301-1] json-c security update
- [debian-lts-announce] 20200531 [SECURITY] [DLA 2228-2] json-c regression update
- [debian-lts-announce] 20200531 [SECURITY] [DLA 2228-1] json-c security update
- https://github.com/rsyslog/libfastjson/issues/161
- https://github.com/json-c/json-c/pull/592