Vulnerability CVE-2020-12762: Information

Description

json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.

Severity: HIGH (7.8)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: MEDIUM (6.8)
Vector: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P
URL: https://nvd.nist.gov/vuln/detail/CVE-2020-12762
Published: May 9, 2020
Modified: Nov. 3, 2025
Error type identifier: CWE-190CWE-787

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
json-csisyphus0.14-alt20.18-alt1ALT-PU-2020-2307-1254506Fixed
json-cp110.14-alt20.18-alt1ALT-PU-2020-2307-1254506Fixed
json-cp100.17-alt10.17-alt1ALT-PU-2023-6481-3332180Fixed
json-cp90.13.1-alt20.13.1-alt2ALT-PU-2020-2322-2254507Fixed
json-cc10f20.17-alt10.18-alt0.c10.1ALT-PU-2023-6480-3332181Fixed
json-cc9f20.13.1-alt20.13.1-alt2ALT-PU-2020-2322-2254507Fixed
libfastjsonsisyphus1.2304.0-alt11.2304.0-alt1ALT-PU-2023-6478-1332173Fixed
libfastjsonsisyphus_e2k1.2304.0-alt11.2304.0-alt1ALT-PU-2023-6539-1-Fixed
libfastjsonsisyphus_riscv641.2304.0-alt11.2304.0-alt1ALT-PU-2023-6534-1-Fixed
libfastjsonp111.2304.0-alt11.2304.0-alt1ALT-PU-2023-6478-1332173Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
  • Third Party Advisory
https://github.com/json-c/json-c/pull/592
  • Exploit
  • Patch
  • Third Party Advisory
https://github.com/rsyslog/libfastjson/issues/161
  • Exploit
  • Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/05/msg00032.html
  • Mailing List
  • Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/05/msg00034.html
  • Mailing List
  • Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/07/msg00031.html
  • Mailing List
  • Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/06/msg00023.html
  • Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CBR36IXYBHITAZFB5PFBJTED22WO5ONB/
    https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CQQRRGBQCAWNCCJ2HN3W5SSCZ4QGMXQI/
      https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W226TSCJBEOXDUFVKNWNH7ETG7AR6MCS/
        https://security.gentoo.org/glsa/202006-13
        • Third Party Advisory
        https://security.netapp.com/advisory/ntap-20210521-0001/
        • Third Party Advisory
        https://usn.ubuntu.com/4360-1/
        • Third Party Advisory
        https://usn.ubuntu.com/4360-4/
        • Third Party Advisory
        https://www.debian.org/security/2020/dsa-4741
        • Third Party Advisory
        https://lists.debian.org/debian-lts-announce/2025/07/msg00021.html
          BDU:2021-03538
              1. cpe:2.3:a:json-c:json-c:*:*:*:*:*:*:*:*
                End excluding
                0.15-20200726
                cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
                cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
                cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
                cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
                cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
                cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
                cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
                cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
                cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
                cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
                cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
                cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
                cpe:2.3:a:siemens:sinec_ins:-:*:*:*:*:*:*:*
                cpe:2.3:a:siemens:sinec_ins:1.0:-:*:*:*:*:*:*
                cpe:2.3:a:siemens:sinec_ins:1.0:sp1:*:*:*:*:*:*
            VKontakte|Telegram|YouTube|Forum|ALT Linux Space|Bugzilla
            Version: v26.2.2
            Back to top