ALT-PU-2023-6481-3
Closed vulnerabilities
BDU:2021-03538
Уязвимость множества компонентов библиотеки для обработки JSON файлов на языке С JSON-C, связанная с записью за границами буфера, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
BDU:2023-05198
Уязвимость функции parseit библиотеки для обработки JSON файлов JSON-C, позволяющая нарушителю выполнить произвольный код
Modified: 2024-11-21
CVE-2013-6370
Buffer overflow in the printbuf APIs in json-c before 0.12 allows remote attackers to cause a denial of service via unspecified vectors.
- FEDORA-2014-5006
- FEDORA-2014-5006
- 57791
- 57791
- MDVSA-2014:079
- MDVSA-2014:079
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
- 66720
- 66720
- https://bugzilla.redhat.com/show_bug.cgi?id=1032322
- https://bugzilla.redhat.com/show_bug.cgi?id=1032322
- jsonc-cve20136370-bo(92540)
- jsonc-cve20136370-bo(92540)
- https://github.com/json-c/json-c/commit/64e36901a0614bf64a19bc3396469c66dcd0b015
- https://github.com/json-c/json-c/commit/64e36901a0614bf64a19bc3396469c66dcd0b015
Modified: 2024-11-21
CVE-2013-6371
The hash functionality in json-c before 0.12 allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted JSON data, involving collisions.
- FEDORA-2014-5006
- FEDORA-2014-5006
- 57791
- 57791
- MDVSA-2014:079
- MDVSA-2014:079
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
- 66715
- 66715
- https://bugzilla.redhat.com/show_bug.cgi?id=1032311
- https://bugzilla.redhat.com/show_bug.cgi?id=1032311
- jsonc-cve20136371-dos(92541)
- jsonc-cve20136371-dos(92541)
- https://github.com/json-c/json-c/commit/64e36901a0614bf64a19bc3396469c66dcd0b015
- https://github.com/json-c/json-c/commit/64e36901a0614bf64a19bc3396469c66dcd0b015
Modified: 2024-11-21
CVE-2020-12762
json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.
- https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
- https://github.com/json-c/json-c/pull/592
- https://github.com/rsyslog/libfastjson/issues/161
- [debian-lts-announce] 20200531 [SECURITY] [DLA 2228-1] json-c security update
- [debian-lts-announce] 20200531 [SECURITY] [DLA 2228-2] json-c regression update
- [debian-lts-announce] 20200730 [SECURITY] [DLA 2301-1] json-c security update
- [debian-lts-announce] 20230620 [SECURITY] [DLA 3461-1] libfastjson security update
- FEDORA-2020-847ad856ab
- FEDORA-2020-63c6f4ab1d
- FEDORA-2020-7eb7eac270
- GLSA-202006-13
- https://security.netapp.com/advisory/ntap-20210521-0001/
- USN-4360-1
- USN-4360-4
- DSA-4741
- https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
- DSA-4741
- USN-4360-4
- USN-4360-1
- https://security.netapp.com/advisory/ntap-20210521-0001/
- GLSA-202006-13
- FEDORA-2020-7eb7eac270
- FEDORA-2020-63c6f4ab1d
- FEDORA-2020-847ad856ab
- [debian-lts-announce] 20230620 [SECURITY] [DLA 3461-1] libfastjson security update
- [debian-lts-announce] 20200730 [SECURITY] [DLA 2301-1] json-c security update
- [debian-lts-announce] 20200531 [SECURITY] [DLA 2228-2] json-c regression update
- [debian-lts-announce] 20200531 [SECURITY] [DLA 2228-1] json-c security update
- https://github.com/rsyslog/libfastjson/issues/161
- https://github.com/json-c/json-c/pull/592
Modified: 2025-04-02
CVE-2021-32292
An issue was discovered in json-c from 20200420 (post 0.14 unreleased code) through 0.15-20200726. A stack-buffer-overflow exists in the auxiliary sample program json_parse which is located in the function parseit.