Lucene search
HistoryMar 21, 2014 - 1:04 a.m.
CVE-2013-6401
jansson
cve-2013-6401
json
denial of service
hash collision
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
6.3 Medium
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
52.1%
Jansson, possibly 2.4 and earlier, does not restrict the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted JSON document.
Affected configurations
Node
jansson_projectjanssonRange≤2.4
ORjansson_projectjanssonMatch2.0
ORjansson_projectjanssonMatch2.0.1
ORjansson_projectjanssonMatch2.1
ORjansson_projectjanssonMatch2.2
ORjansson_projectjanssonMatch2.2.1
ORjansson_projectjanssonMatch2.3
ORjansson_projectjanssonMatch2.3.1
Related
fedora
fedora
[SECURITY] Fedora 20 Update: jansson-2.6-1.fc20
2014-03-24 06:43:06
[SECURITY] Fedora 19 Update: jansson-2.6-1.fc19
2014-03-24 06:39:10
cvelist
cvelist
CVE-2013-6401
2014-03-20 18:00:00
nessus
nessus
Fedora 20 : jansson-2.6-1.fc20 (2014-3778)
2014-03-25 00:00:00
Fedora 19 : jansson-2.6-1.fc19 (2014-3782)
2014-03-25 00:00:00
openSUSE Security Update : libjansson (openSUSE-SU-2014:0394-1)
2014-06-13 00:00:00
prion
prion
Code injection
2014-03-21 01:04:00
openvas
openvas
Fedora Update for jansson FEDORA-2014-3782
2014-03-25 00:00:00
Fedora Update for jansson FEDORA-2014-3778
2014-03-25 00:00:00
Fedora Update for jansson FEDORA-2014-3782
2014-03-25 00:00:00
debiancve
debiancve
CVE-2013-6401
2014-03-21 01:04:00
nvd
nvd
CVE-2013-6401
2014-03-21 01:04:00
ubuntucve
ubuntucve
CVE-2013-6401
2014-03-21 00:00:00
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
6.3 Medium
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
52.1%
Related for CVE-2013-6401