MidnightBSD

Advisories for json-c_project

CVE-2020-12762 MEDIUM

json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,CWE-787,CWE-787,

Products Affected

Vendor Product Version
fedoraproject fedora 30
fedoraproject fedora 32
canonical ubuntu_linux 20.04
debian debian_linux 10.0
canonical ubuntu_linux 14.04
siemens sinec_ins -
debian debian_linux 8.0
canonical ubuntu_linux 18.04
siemens sinec_ins 1.0
canonical ubuntu_linux 19.10
debian debian_linux 9.0
fedoraproject fedora 31
canonical ubuntu_linux 12.04
json-c_project json-c *
canonical ubuntu_linux 16.04
CVE-2021-32292

An issue was discovered in json-c from 20200420 (post 0.14 unreleased code) through 0.15-20200726. A stack-buffer-overflow exists in the auxiliary sample program json_parse which is located in the function parseit.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
json-c_project json-c 0.15-20200726
netapp active_iq_unified_manager -