Vulnerability CVE-2020-12762: Information
Description
json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Published: May 9, 2020
Modified: Nov. 7, 2023
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
json-c | sisyphus | 0.14-alt2 | 0.17-alt1 | ALT-PU-2020-2307-1 | 254506 | Fixed |
json-c | p10 | 0.17-alt1 | 0.17-alt1 | ALT-PU-2023-6481-3 | 332180 | Fixed |
json-c | p9 | 0.13.1-alt2 | 0.13.1-alt2 | ALT-PU-2020-2322-2 | 254507 | Fixed |
json-c | c10f1 | 0.17-alt1 | 0.17-alt1 | ALT-PU-2023-6841-4 | 333296 | Fixed |
json-c | c9f2 | 0.13.1-alt2 | 0.13.1-alt2 | ALT-PU-2020-2322-2 | 254507 | Fixed |
libfastjson | sisyphus | 1.2304.0-alt1 | 1.2304.0-alt1 | ALT-PU-2023-6478-1 | 332173 | Fixed |
libfastjson | sisyphus_e2k | 1.2304.0-alt1 | 1.2304.0-alt1 | ALT-PU-2023-6539-1 | - | Fixed |
libfastjson | sisyphus_riscv64 | 1.2304.0-alt1 | 1.2304.0-alt1 | ALT-PU-2023-6534-1 | - | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://github.com/json-c/json-c/pull/592 |
|
https://github.com/rsyslog/libfastjson/issues/161 |
|
USN-4360-1 |
|
[debian-lts-announce] 20200531 [SECURITY] [DLA 2228-1] json-c security update |
|
[debian-lts-announce] 20200531 [SECURITY] [DLA 2228-2] json-c regression update |
|
USN-4360-4 |
|
GLSA-202006-13 |
|
[debian-lts-announce] 20200730 [SECURITY] [DLA 2301-1] json-c security update |
|
DSA-4741 |
|
https://security.netapp.com/advisory/ntap-20210521-0001/ |
|
https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf |
|
[debian-lts-announce] 20230620 [SECURITY] [DLA 3461-1] libfastjson security update |
|
FEDORA-2020-63c6f4ab1d | |
FEDORA-2020-847ad856ab | |
FEDORA-2020-7eb7eac270 |