ALT-PU-2021-1092-1
Closed vulnerabilities
Published: 2020-05-11
BDU:2021-03538
Уязвимость множества компонентов библиотеки для обработки JSON файлов на языке С JSON-C, связанная с записью за границами буфера, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
Severity: HIGH (8.8)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2020-05-09
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2020-12762
json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.
Severity: HIGH (7.8)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
- https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
- https://github.com/json-c/json-c/pull/592
- https://github.com/rsyslog/libfastjson/issues/161
- [debian-lts-announce] 20200531 [SECURITY] [DLA 2228-1] json-c security update
- [debian-lts-announce] 20200531 [SECURITY] [DLA 2228-2] json-c regression update
- [debian-lts-announce] 20200730 [SECURITY] [DLA 2301-1] json-c security update
- [debian-lts-announce] 20230620 [SECURITY] [DLA 3461-1] libfastjson security update
- FEDORA-2020-847ad856ab
- FEDORA-2020-63c6f4ab1d
- FEDORA-2020-7eb7eac270
- GLSA-202006-13
- https://security.netapp.com/advisory/ntap-20210521-0001/
- USN-4360-1
- USN-4360-4
- DSA-4741
- https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
- DSA-4741
- USN-4360-4
- USN-4360-1
- https://security.netapp.com/advisory/ntap-20210521-0001/
- GLSA-202006-13
- FEDORA-2020-7eb7eac270
- FEDORA-2020-63c6f4ab1d
- FEDORA-2020-847ad856ab
- [debian-lts-announce] 20230620 [SECURITY] [DLA 3461-1] libfastjson security update
- [debian-lts-announce] 20200730 [SECURITY] [DLA 2301-1] json-c security update
- [debian-lts-announce] 20200531 [SECURITY] [DLA 2228-2] json-c regression update
- [debian-lts-announce] 20200531 [SECURITY] [DLA 2228-1] json-c security update
- https://github.com/rsyslog/libfastjson/issues/161
- https://github.com/json-c/json-c/pull/592