Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
amazonAmazonALAS-2014-416
HistorySep 18, 2014 - 9:04 p.m.

Medium: json-c

2014-09-1821:04:00
alas.aws.amazon.com
16

0.013 Low

EPSS

Percentile

85.8%

JSON

Issue Overview:

The hash functionality in json-c before 0.12 allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted JSON data, involving collisions.

Buffer overflow in the printbuf APIs in json-c before 0.12 allows remote attackers to cause a denial of service via unspecified vectors.

Affected Packages:

json-c

Issue Correction:
Run yum update json-c to update your system.

New Packages:

i686:  
    json-c-debuginfo-0.11-6.8.amzn1.i686  
    json-c-0.11-6.8.amzn1.i686  
    json-c-devel-0.11-6.8.amzn1.i686  
  
noarch:  
    json-c-doc-0.11-6.8.amzn1.noarch  
  
src:  
    json-c-0.11-6.8.amzn1.src  
  
x86_64:  
    json-c-debuginfo-0.11-6.8.amzn1.x86_64  
    json-c-0.11-6.8.amzn1.x86_64  
    json-c-devel-0.11-6.8.amzn1.x86_64

Additional References

Red Hat: CVE-2013-6370, CVE-2013-6371

Mitre: CVE-2013-6370, CVE-2013-6371

Related

oraclelinux 1
openvas 9
nessus 10
ubuntu 1
securityvulns 2
fedora 2
redhat 1
mageia 1
cvelist 2
prion 2
veracode 2
debiancve 2
ibm 1
cve 2
ubuntucve 2
oraclelinux
oraclelinux
json-c security update
2014-07-23 00:00:00
openvas
openvas
Oracle: Security Advisory (ELSA-2014-0703)
2015-10-06 00:00:00
Fedora Update for json-c FEDORA-2014-4975
2014-05-05 00:00:00
Fedora Update for json-c FEDORA-2014-5006
2014-04-21 00:00:00
nessus
nessus
Oracle Linux 7 : json-c (ELSA-2014-0703)
2014-07-24 00:00:00
Fedora 20 : json-c-0.11-6.fc20 (2014-5006)
2014-04-18 00:00:00
RHEL 7 : json-c (RHSA-2014:0703)
2014-07-30 00:00:00
ubuntu
ubuntu
json-c vulnerabilities
2014-06-12 00:00:00
securityvulns
securityvulns
[ MDVSA-2014:079 ] json-c
2014-05-04 00:00:00
json-c security vulnerabilities
2014-05-04 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: json-c-0.11-6.fc19
2014-04-30 04:07:35
[SECURITY] Fedora 20 Update: json-c-0.11-6.fc20
2014-04-17 06:04:13
redhat
redhat
(RHSA-2014:0703) Moderate: json-c security update
2014-06-10 00:00:00
mageia
mageia
Updated json-c packages fix security vulnerabilities
2014-04-16 17:08:14
cvelist
cvelist
CVE-2013-6371
2014-04-21 14:00:00
CVE-2013-6370
2014-04-21 14:00:00
prion
prion
Buffer overflow
2014-04-22 13:06:00
Design/Logic Flaw
2014-04-22 13:06:00
veracode
veracode
Denial Of Service (DoS)
2023-10-06 11:23:48
Denial Of Service (DoS)
2023-10-06 11:43:02
debiancve
debiancve
CVE-2013-6370
2014-04-22 13:06:00
CVE-2013-6371
2014-04-22 13:06:00
ibm
ibm
Security Bulletin: IBM® DB2® LUW is affected by the JSON-C vulnerability (CVE-2013-6371)
2018-06-16 13:06:59
cve
cve
CVE-2013-6370
2014-04-22 13:06:00
CVE-2013-6371
2014-04-22 13:06:00
ubuntucve
ubuntucve
CVE-2013-6370
2014-04-08 00:00:00
CVE-2013-6371
2014-04-08 00:00:00

0.013 Low

EPSS

Percentile

85.8%

JSON
Related for ALAS-2014-416
oraclelinux1openvas9nessus10ubuntu1securityvulns2fedora2redhat1mageia1cvelist2prion2veracode2debiancve2ibm1cve2ubuntucve2