
CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

22 Aug 2023 — An issue was discovered in json-c from 20200420 (post 0.14 unreleased code) through 0.15-20200726. A stack-buffer-overflow exists in the auxiliary sample program json_parse which is located in the function parseit. It was discovered that json-c incorrectly handled certain JSON files... • https://github.com/json-c/json-c/issues/654 • CWE-787: Out-of-bounds Write

CVSS: 7.8 • EPSS: 0% • CPEs: 16 • EXPL: 2

09 May 2020 — json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend. A flaw was found in json-c. In printbuf_memappend, certain crafted values can overflow the memory allowing an attacker to write past the memory boundary. The highest threat from this vulnerab... • https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf • CWE-190: Integer Overflow or Wraparound • CWE-787: Out-of-bounds Write

CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 1

17 Apr 2014 — Buffer overflow in the printbuf APIs in json-c before 0.12 allows remote attackers to cause a denial of service via unspecified vectors. JSON-C implements a reference counting object model that allows you to easily construct JSON objects in C, output them as JSON-formatted strings, and parse JSON-formatted strings back into the C represe... • http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131845.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

17 Apr 2014 — The hash functionality in json-c before 0.12 allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted JSON data, involving collisions. JSON-C implements a reference counting object model that allows you to easily construct JSON objects in C, output them as JSON-forma... • http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131845.html • CWE-310: Cryptographic Issues