CVE-2020-12762 – libfastjson: integer overflow and out-of-bounds write via a large JSON file
https://notcve.org/view.php?id=CVE-2020-12762
json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend. A flaw was found in json-c. In printbuf_memappend, certain crafted values can overflow the memory allowing an attacker to write past the memory boundary. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
https://github.com/json-c/json-c/pull/592
https://github.com/rsyslog/libfastjson/issues/161
https://lists.debian.org/debian-lts-announce/2020/05/msg00032.html
https://lists.debian.org/debian-lts-announce/2020/05/msg00034.html
https://lists.debian.org/debian-lts-announce/2020/07/msg00031.html
https://lists.debian.org/debian-lts-announce/2023/06/msg00023.html
https://lists.fedoraproject.org/archives/list/package-annou

CWE-190: Integer Overflow or Wraparound
CWE-787: Out-of-bounds Write

CVE-2013-6370 – json-c: buffer overflow if size_t is larger than int
https://notcve.org/view.php?id=CVE-2013-6370
Buffer overflow in the printbuf APIs in json-c before 0.12 allows remote attackers to cause a denial of service via unspecified vectors.

http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131845.html
http://secunia.com/advisories/57791
http://www.mandriva.com/security/advisories?name=MDVSA-2014:079
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
http://www.securityfocus.com/bid/66720
https://bugzilla.redhat.com/show_bug.cgi?id=1032322
https://exchange.xforce.ibmcloud.com/vulnerabilities/92540
https://github.com/json-c/json-c/commit/64e36901a0614bf64a19bc3396469c66dcd0b015
https://access.redhat&

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2013-6371 – json-c: hash collision DoS
https://notcve.org/view.php?id=CVE-2013-6371
The hash functionality in json-c before 0.12 allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted JSON data, involving collisions.

http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131845.html
http://secunia.com/advisories/57791
http://www.mandriva.com/security/advisories?name=MDVSA-2014:079
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
http://www.securityfocus.com/bid/66715
https://bugzilla.redhat.com/show_bug.cgi?id=1032311
https://exchange.xforce.ibmcloud.com/vulnerabilities/92541
https://github.com/json-c/json-c/commit/64e36901a0614bf64a19bc3396469c66dcd0b015
https://access.redhat&

CWE-310: Cryptographic Issues