All errata/p10_e2k/ALT-PU-2023-7041-1
ALT-PU-2023-7041-1

Package update json-c in branch p10_e2k

Version0.17-alt1
Task#0
Published2023-11-07
Max severityCRITICAL
Severity:

Closed issues (2)

BDU:2023-05198
CRITICAL9.8

Уязвимость функции parseit библиотеки для обработки JSON файлов JSON-C, позволяющая нарушителю выполнить произвольный код

Published: 2023-09-05Modified: 2023-11-13
CVSS 3.xCRITICAL 9.8
CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.0CRITICAL 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
References
CVE-2021-32292
CRITICAL9.8

An issue was discovered in json-c from 20200420 (post 0.14 unreleased code) through 0.15-20200726. A stack-buffer-overflow exists in the auxiliary sample program json_parse which is located in the function parseit.

Published: 2023-08-22Modified: 2025-06-25
CVSS 3.xCRITICAL 9.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References