ID OPENVAS:1361412562310867704 Type openvas Reporter Copyright (C) 2014 Greenbone Networks GmbH Modified 2019-03-15T00:00:00
Description
The remote host is missing an update for the 'json-c' package(s) announced via the referenced advisory.
###############################################################################
# OpenVAS Vulnerability Test
#
# Fedora Update for json-c FEDORA-2014-5006
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
# Description phase: registers this check's metadata with the scanner and
# exits (see the exit(0) at the end of the block) before any package
# comparison is performed.
if(description)
{
  # Identity and revision bookkeeping for this check.
  script_oid("1.3.6.1.4.1.25623.1.0.867704");
  script_version("$Revision: 14223 $");
  script_tag(name:"last_modification", value:"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $");
  script_tag(name:"creation_date", value:"2014-04-21 11:59:59 +0530 (Mon, 21 Apr 2014)");

  # CVEs addressed by the advisory, with the CVSS v2 base score and vector.
  # The vector reads: network attack vector, low complexity, no authentication,
  # no confidentiality or integrity impact, partial availability impact.
  script_cve_id("CVE-2013-6370", "CVE-2013-6371");
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");

  script_name("Fedora Update for json-c FEDORA-2014-5006");
  script_tag(name:"affected", value:"json-c on Fedora 20");
  script_tag(name:"solution", value:"Please install the updated package(s).");

  # qod_type "package": the verdict is derived from the package version the
  # host reports, not from exercising the library itself. A finding therefore
  # means "fixed build not installed", not "confirmed exploitable".
  script_tag(name:"qod_type", value:"package");
  # Remediation is the vendor-supplied package update.
  script_tag(name:"solution_type", value:"VendorFix");

  # Cross-references to the Fedora advisory this check was generated from.
  script_xref(name:"FEDORA", value:"2014-5006");
  script_xref(name:"URL", value:"https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131845.html");

  # The string literal below spans two lines; the continuation is kept at
  # column 0 so the text of the literal is not altered.
  script_tag(name:"summary", value:"The remote host is missing an update for the 'json-c'
package(s) announced via the referenced advisory.");

  # Categorised as an information-gathering check.
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2014 Greenbone Networks GmbH");
  script_family("Fedora Local Security Checks");

  # Declares gather-package-list.nasl as a dependency; presumably that script
  # fills in the ssh/login/* knowledge-base keys required below (verify).
  script_dependencies("gather-package-list.nasl");

  # Required KB entries: ssh/login/fedora, ssh/login/rpms, and a release value
  # matching FC20. NOTE(review): the key names suggest these are only present
  # after an authenticated SSH login; if so, the check does not run on an
  # uncredentialed scan, and the absence of a finding then says nothing about
  # whether the host is patched.
  script_mandatory_keys("ssh/login/fedora", "ssh/login/rpms", re:"ssh/login/release=FC20");
  exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
# Host phase: compare the installed json-c RPM with the fixed Fedora 20 build.
# This is a version comparison only; it does not probe the library, so the
# result reflects what the package database reports at scan time.
release = rpm_get_ssh_release();
if(!release)
{
  # No release string was obtained, so there is nothing to compare against.
  exit(0);
}

res = "";

if(release == "FC20")
{
  # isrpmvuln() is given the package name, the fixed build
  # (json-c 0.11-6.fc20) and the release; a non-NULL result is passed on
  # as the finding text.
  res = isrpmvuln(pkg:"json-c", rpm:"json-c~0.11~6.fc20", rls:"FC20");
  if(res != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  # No finding was produced. __pkg_match is presumably set by the
  # pkg-lib-rpm.inc helper when json-c was found installed (verify there);
  # in that case the host is reported as not vulnerable via exit code 99.
  if(__pkg_match)
  {
    exit(99);
  }

  # Package not matched at all: finish without a verdict.
  exit(0);
}
{"id": "OPENVAS:1361412562310867704", "bulletinFamily": "scanner", "title": "Fedora Update for json-c FEDORA-2014-5006", "description": "The remote host is missing an update for the ", "published": "2014-04-21T00:00:00", "modified": "2019-03-15T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867704", "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "references": ["https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131845.html", "2014-5006"], "cvelist": ["CVE-2013-6370", "CVE-2013-6371"], "type": "openvas", "lastseen": "2019-05-29T18:37:30", "history": [{"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2013-6370", "CVE-2013-6371"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "Check for the Version of json-c", "edition": 1, "enchantments": {"score": {"modified": "2018-04-06T11:12:02", "value": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N/"}}, "hash": "9ac752f31cc86cf851d5ee9ea6fa334b25e3192f116e784060fd0d7310d29ce7", "hashmap": [{"hash": "0bf06897e9c8fdbc884fa1fdb33d590e", "key": "title"}, {"hash": "8621aafa0f2e4298fcc34b8c422c2ec5", "key": "description"}, {"hash": "4fb7fd6149697e74d091717ea3f1ca84", "key": "modified"}, {"hash": "b934179a34cf69284d54ccb989e7eeea", "key": "sourceData"}, {"hash": "1db98585cae6ecdba96955347b9f9746", "key": "href"}, {"hash": "50007ca4d3b80818b8a6389d7acf128a", "key": "published"}, {"hash": "ff299c77bfec396e7c3ed16b959d6c5f", "key": "pluginID"}, {"hash": "06df9aea2d851c3b10ab498f59f0777d", "key": "reporter"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "84813b1457b92d6ba1174abffbb83a2f", "key": "cvss"}, {"hash": "d472d5281b2b56b7fc3827c8b3fc7cb2", "key": "cvelist"}, {"hash": 
"e10d56b9c32fe960fc68c213c2343453", "key": "references"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867704", "id": "OPENVAS:1361412562310867704", "lastseen": "2018-04-06T11:12:02", "modified": "2018-04-06T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310867704", "published": "2014-04-21T00:00:00", "references": ["https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131845.html", "2014-5006"], "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for json-c FEDORA-2014-5006\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867704\");\n script_version(\"$Revision: 9354 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:15:32 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-21 11:59:59 +0530 (Mon, 21 Apr 2014)\");\n script_cve_id(\"CVE-2013-6370\", \"CVE-2013-6371\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for json-c FEDORA-2014-5006\");\n\n tag_insight = \"JSON-C implements a reference counting object model that allows you to easily\nconstruct JSON objects in C, output them as JSON formatted strings and parse\nJSON formatted strings back into the C representation of JSON objects.\n\";\n\n tag_affected = \"json-c on Fedora 20\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-5006\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131845.html\");\n script_summary(\"Check for the Version of json-c\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"json-c\", rpm:\"json-c~0.11~6.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "title": "Fedora Update for json-c FEDORA-2014-5006", "type": "openvas", "viewCount": 0}, "differentElements": ["sourceData"], "edition": 1, "lastseen": "2018-04-06T11:12:02"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2013-6370", "CVE-2013-6371"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "Check for the Version of json-c", "edition": 2, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "97e6f202cfa59cf7fd2256f2c24597d5ec4e708a2e77f399a65138f903ff555c", "hashmap": [{"hash": "0bf06897e9c8fdbc884fa1fdb33d590e", "key": "title"}, {"hash": "8621aafa0f2e4298fcc34b8c422c2ec5", "key": "description"}, {"hash": "4fb7fd6149697e74d091717ea3f1ca84", "key": "modified"}, {"hash": "1db98585cae6ecdba96955347b9f9746", "key": "href"}, {"hash": "50007ca4d3b80818b8a6389d7acf128a", "key": "published"}, {"hash": "ff299c77bfec396e7c3ed16b959d6c5f", "key": "pluginID"}, {"hash": "06df9aea2d851c3b10ab498f59f0777d", "key": "reporter"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "84813b1457b92d6ba1174abffbb83a2f", "key": "cvss"}, {"hash": "d472d5281b2b56b7fc3827c8b3fc7cb2", "key": "cvelist"}, {"hash": "e10d56b9c32fe960fc68c213c2343453", "key": "references"}, {"hash": "69f7620f11c37b99bcd8b4abb3efbb33", "key": "sourceData"}], "history": [], 
"href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867704", "id": "OPENVAS:1361412562310867704", "lastseen": "2018-04-09T11:12:52", "modified": "2018-04-06T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310867704", "published": "2014-04-21T00:00:00", "references": ["https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131845.html", "2014-5006"], "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for json-c FEDORA-2014-5006\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867704\");\n script_version(\"$Revision: 9373 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:57:18 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-21 11:59:59 +0530 (Mon, 21 Apr 2014)\");\n script_cve_id(\"CVE-2013-6370\", \"CVE-2013-6371\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for json-c FEDORA-2014-5006\");\n\n tag_insight = \"JSON-C implements a reference counting object model that allows you to easily\nconstruct JSON objects in C, output them as JSON formatted strings and parse\nJSON formatted strings back into the C representation of JSON objects.\n\";\n\n tag_affected = \"json-c on Fedora 20\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-5006\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131845.html\");\n script_tag(name:\"summary\", value:\"Check for the Version of json-c\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"json-c\", rpm:\"json-c~0.11~6.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "title": "Fedora Update for json-c FEDORA-2014-5006", "type": "openvas", "viewCount": 0}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2018-04-09T11:12:52"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2013-6370", "CVE-2013-6371"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "Check for the Version of json-c", "edition": 4, "enchantments": {"dependencies": {"modified": "2018-09-01T23:54:34", "references": [{"idList": ["OPENVAS:1361412562310871185", "OPENVAS:1361412562310841858", "OPENVAS:1361412562310867760", "OPENVAS:1361412562310123360", "OPENVAS:867704", "OPENVAS:867760", "OPENVAS:1361412562310120085"], "type": "openvas"}, {"idList": ["ELSA-2014-0703"], "type": "oraclelinux"}, {"idList": ["USN-2245-1"], "type": "ubuntu"}, {"idList": ["RHSA-2014:0703"], "type": "redhat"}, {"idList": ["CVE-2013-6370", "CVE-2013-6371"], "type": "cve"}, {"idList": ["ALA_ALAS-2014-416.NASL", "FEDORA_2014-5006.NASL", "UBUNTU_USN-2245-1.NASL", "MANDRIVA_MDVSA-2014-079.NASL", "REDHAT-RHSA-2014-0703.NASL", "DB2_105FP4.NASL", "OPENSUSE-2014-317.NASL", "FEDORA_2014-4975.NASL", "MANDRIVA_MDVSA-2015-102.NASL", "ORACLELINUX_ELSA-2014-0703.NASL"], "type": "nessus"}, {"idList": ["ALAS-2014-416"], "type": "amazon"}, {"idList": ["SECURITYVULNS:DOC:30574", "SECURITYVULNS:VULN:13718"], "type": "securityvulns"}]}, "score": {"value": 7.5, "vector": "NONE"}}, "hash": 
"97e6f202cfa59cf7fd2256f2c24597d5ec4e708a2e77f399a65138f903ff555c", "hashmap": [{"hash": "0bf06897e9c8fdbc884fa1fdb33d590e", "key": "title"}, {"hash": "8621aafa0f2e4298fcc34b8c422c2ec5", "key": "description"}, {"hash": "4fb7fd6149697e74d091717ea3f1ca84", "key": "modified"}, {"hash": "1db98585cae6ecdba96955347b9f9746", "key": "href"}, {"hash": "50007ca4d3b80818b8a6389d7acf128a", "key": "published"}, {"hash": "ff299c77bfec396e7c3ed16b959d6c5f", "key": "pluginID"}, {"hash": "06df9aea2d851c3b10ab498f59f0777d", "key": "reporter"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "84813b1457b92d6ba1174abffbb83a2f", "key": "cvss"}, {"hash": "d472d5281b2b56b7fc3827c8b3fc7cb2", "key": "cvelist"}, {"hash": "e10d56b9c32fe960fc68c213c2343453", "key": "references"}, {"hash": "69f7620f11c37b99bcd8b4abb3efbb33", "key": "sourceData"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867704", "id": "OPENVAS:1361412562310867704", "lastseen": "2018-09-01T23:54:34", "modified": "2018-04-06T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310867704", "published": "2014-04-21T00:00:00", "references": ["https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131845.html", "2014-5006"], "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for json-c FEDORA-2014-5006\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free 
Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867704\");\n script_version(\"$Revision: 9373 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:57:18 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-21 11:59:59 +0530 (Mon, 21 Apr 2014)\");\n script_cve_id(\"CVE-2013-6370\", \"CVE-2013-6371\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for json-c FEDORA-2014-5006\");\n\n tag_insight = \"JSON-C implements a reference counting object model that allows you to easily\nconstruct JSON objects in C, output them as JSON formatted strings and parse\nJSON formatted strings back into the C representation of JSON objects.\n\";\n\n tag_affected = \"json-c on Fedora 20\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-5006\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131845.html\");\n 
script_tag(name:\"summary\", value:\"Check for the Version of json-c\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"json-c\", rpm:\"json-c~0.11~6.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "title": "Fedora Update for json-c FEDORA-2014-5006", "type": "openvas", "viewCount": 0}, "differentElements": ["description", "modified", "sourceData"], "edition": 4, "lastseen": "2018-09-01T23:54:34"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2013-6370", "CVE-2013-6371"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Check for the Version of json-c", "edition": 3, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "66903a035456089466c1e857ff3fc3a0b560510f8bebd8400163d7130c734731", "hashmap": [{"hash": "0bf06897e9c8fdbc884fa1fdb33d590e", "key": "title"}, {"hash": "8621aafa0f2e4298fcc34b8c422c2ec5", "key": "description"}, {"hash": "4fb7fd6149697e74d091717ea3f1ca84", "key": "modified"}, {"hash": "1db98585cae6ecdba96955347b9f9746", "key": "href"}, {"hash": "50007ca4d3b80818b8a6389d7acf128a", "key": "published"}, {"hash": "ff299c77bfec396e7c3ed16b959d6c5f", "key": "pluginID"}, {"hash": "06df9aea2d851c3b10ab498f59f0777d", "key": "reporter"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, 
{"hash": "d472d5281b2b56b7fc3827c8b3fc7cb2", "key": "cvelist"}, {"hash": "e10d56b9c32fe960fc68c213c2343453", "key": "references"}, {"hash": "69f7620f11c37b99bcd8b4abb3efbb33", "key": "sourceData"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867704", "id": "OPENVAS:1361412562310867704", "lastseen": "2018-08-30T19:23:51", "modified": "2018-04-06T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310867704", "published": "2014-04-21T00:00:00", "references": ["https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131845.html", "2014-5006"], "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for json-c FEDORA-2014-5006\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867704\");\n script_version(\"$Revision: 9373 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:57:18 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-21 11:59:59 +0530 (Mon, 21 Apr 2014)\");\n script_cve_id(\"CVE-2013-6370\", \"CVE-2013-6371\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for json-c FEDORA-2014-5006\");\n\n tag_insight = \"JSON-C implements a reference counting object model that allows you to easily\nconstruct JSON objects in C, output them as JSON formatted strings and parse\nJSON formatted strings back into the C representation of JSON objects.\n\";\n\n tag_affected = \"json-c on Fedora 20\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-5006\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131845.html\");\n script_tag(name:\"summary\", value:\"Check for the Version of json-c\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"json-c\", rpm:\"json-c~0.11~6.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "title": "Fedora Update for json-c FEDORA-2014-5006", "type": "openvas", "viewCount": 0}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-08-30T19:23:51"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2013-6370", "CVE-2013-6371"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "The remote host is missing an update for the ", "edition": 5, "enchantments": {"dependencies": {"modified": "2019-03-18T14:37:47", "references": [{"idList": ["OPENVAS:1361412562310871185", "OPENVAS:1361412562310841858", "OPENVAS:1361412562310867760", "OPENVAS:1361412562310123360", "OPENVAS:867704", "OPENVAS:867760", "OPENVAS:1361412562310120085"], "type": "openvas"}, {"idList": ["ELSA-2014-0703"], "type": "oraclelinux"}, {"idList": ["USN-2245-1"], "type": "ubuntu"}, {"idList": ["RHSA-2014:0703"], "type": "redhat"}, {"idList": ["CVE-2013-6370", "CVE-2013-6371"], "type": "cve"}, {"idList": ["ALA_ALAS-2014-416.NASL", "FEDORA_2014-5006.NASL", "UBUNTU_USN-2245-1.NASL", "MANDRIVA_MDVSA-2014-079.NASL", "REDHAT-RHSA-2014-0703.NASL", "DB2_105FP4.NASL", "OPENSUSE-2014-317.NASL", "FEDORA_2014-4975.NASL", "MANDRIVA_MDVSA-2015-102.NASL", "ORACLELINUX_ELSA-2014-0703.NASL"], "type": "nessus"}, {"idList": ["ALAS-2014-416"], "type": "amazon"}, {"idList": ["SECURITYVULNS:DOC:30574", "SECURITYVULNS:VULN:13718"], "type": "securityvulns"}]}, "score": {"value": 7.5, "vector": "NONE"}}, "hash": 
"f50773887e5091663d43cc13f84bb103f69de977c47a9995398631326f3c7bbc", "hashmap": [{"hash": "0bf06897e9c8fdbc884fa1fdb33d590e", "key": "title"}, {"hash": "1693b96dcccf4fbcd463bf8baaa2bf3f", "key": "description"}, {"hash": "1db98585cae6ecdba96955347b9f9746", "key": "href"}, {"hash": "50007ca4d3b80818b8a6389d7acf128a", "key": "published"}, {"hash": "ff299c77bfec396e7c3ed16b959d6c5f", "key": "pluginID"}, {"hash": "06df9aea2d851c3b10ab498f59f0777d", "key": "reporter"}, {"hash": "500118bdc5a2ae9856b45773e81c8bdd", "key": "sourceData"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "4525bc09d1c4c408a417a5eb7b850972", "key": "modified"}, {"hash": "84813b1457b92d6ba1174abffbb83a2f", "key": "cvss"}, {"hash": "d472d5281b2b56b7fc3827c8b3fc7cb2", "key": "cvelist"}, {"hash": "e10d56b9c32fe960fc68c213c2343453", "key": "references"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867704", "id": "OPENVAS:1361412562310867704", "lastseen": "2019-03-18T14:37:47", "modified": "2019-03-15T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310867704", "published": "2014-04-21T00:00:00", "references": ["https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131845.html", "2014-5006"], "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for json-c FEDORA-2014-5006\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free 
Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867704\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-21 11:59:59 +0530 (Mon, 21 Apr 2014)\");\n script_cve_id(\"CVE-2013-6370\", \"CVE-2013-6371\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for json-c FEDORA-2014-5006\");\n script_tag(name:\"affected\", value:\"json-c on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-5006\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131845.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'json-c'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", 
re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"json-c\", rpm:\"json-c~0.11~6.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "title": "Fedora Update for json-c FEDORA-2014-5006", "type": "openvas", "viewCount": 0}, "differentElements": ["cvss"], "edition": 5, "lastseen": "2019-03-18T14:37:47"}], "edition": 6, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "d472d5281b2b56b7fc3827c8b3fc7cb2"}, {"key": "cvss", "hash": "41b62a8aa1ee5c40897717cadc30784a"}, {"key": "description", "hash": "1693b96dcccf4fbcd463bf8baaa2bf3f"}, {"key": "href", "hash": "1db98585cae6ecdba96955347b9f9746"}, {"key": "modified", "hash": "4525bc09d1c4c408a417a5eb7b850972"}, {"key": "naslFamily", "hash": "be931514784f88df80712740ad2723e7"}, {"key": "pluginID", "hash": "ff299c77bfec396e7c3ed16b959d6c5f"}, {"key": "published", "hash": "50007ca4d3b80818b8a6389d7acf128a"}, {"key": "references", "hash": "e10d56b9c32fe960fc68c213c2343453"}, {"key": "reporter", "hash": "06df9aea2d851c3b10ab498f59f0777d"}, {"key": "sourceData", "hash": "500118bdc5a2ae9856b45773e81c8bdd"}, {"key": "title", "hash": "0bf06897e9c8fdbc884fa1fdb33d590e"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "hash": "bb9501eb18f7fc79094e361c90fbc9a2fe2c9fb6fd43f214961688f7337863af", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2013-6371", "CVE-2013-6370"]}, {"type": "ubuntu", "idList": ["USN-2245-1"]}, {"type": "redhat", "idList": ["RHSA-2014:0703"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:30574", "SECURITYVULNS:VULN:13718"]}, {"type": "nessus", "idList": ["UBUNTU_USN-2245-1.NASL", "REDHAT-RHSA-2014-0703.NASL", 
"OPENSUSE-2014-317.NASL", "MANDRIVA_MDVSA-2015-102.NASL", "FEDORA_2014-5006.NASL", "ORACLELINUX_ELSA-2014-0703.NASL", "ALA_ALAS-2014-416.NASL", "MANDRIVA_MDVSA-2014-079.NASL", "FEDORA_2014-4975.NASL", "DB2_105FP4.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2014-0703"]}, {"type": "openvas", "idList": ["OPENVAS:867704", "OPENVAS:1361412562310120085", "OPENVAS:1361412562310123360", "OPENVAS:1361412562310867760", "OPENVAS:1361412562310871185", "OPENVAS:1361412562310841858", "OPENVAS:867760"]}, {"type": "amazon", "idList": ["ALAS-2014-416"]}], "modified": "2019-05-29T18:37:30"}, "score": {"value": 5.9, "vector": "NONE", "modified": "2019-05-29T18:37:30"}, "vulnersScore": 5.9}, "objectVersion": "1.3", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for json-c FEDORA-2014-5006\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867704\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-21 11:59:59 +0530 (Mon, 21 Apr 2014)\");\n script_cve_id(\"CVE-2013-6370\", \"CVE-2013-6371\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for json-c FEDORA-2014-5006\");\n script_tag(name:\"affected\", value:\"json-c on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-5006\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131845.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'json-c'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = 
isrpmvuln(pkg:\"json-c\", rpm:\"json-c~0.11~6.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "naslFamily": "Fedora Local Security Checks", "pluginID": "1361412562310867704", "scheme": null}
{"cve": [{"lastseen": "2019-05-29T18:13:06", "bulletinFamily": "NVD", "description": "Buffer overflow in the printbuf APIs in json-c before 0.12 allows remote attackers to cause a denial of service via unspecified vectors.", "modified": "2017-08-29T01:33:00", "id": "CVE-2013-6370", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6370", "published": "2014-04-22T13:06:00", "title": "CVE-2013-6370", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:13:06", "bulletinFamily": "NVD", "description": "The hash functionality in json-c before 0.12 allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted JSON data, involving collisions.", "modified": "2017-08-29T01:33:00", "id": "CVE-2013-6371", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6371", "published": "2014-04-22T13:06:00", "title": "CVE-2013-6371", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:37:21", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the 'json-c' package(s) announced via the referenced advisory.", "modified": "2018-11-23T00:00:00", "published": "2014-07-04T00:00:00", "id": "OPENVAS:1361412562310871185", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871185", "title": "RedHat Update for json-c RHSA-2014:0703-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for json-c RHSA-2014:0703-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be 
useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871185\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-07-04 16:48:50 +0530 (Fri, 04 Jul 2014)\");\n script_cve_id(\"CVE-2013-6370\", \"CVE-2013-6371\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"RedHat Update for json-c RHSA-2014:0703-01\");\n\n\n script_tag(name:\"affected\", value:\"json-c on Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"insight\", value:\"JSON-C implements a reference counting object model that allows you to\neasily construct JSON objects in C, output them as JSON-formatted strings,\nand parse JSON-formatted strings back into the C representation of\nJSON objects.\n\nMultiple buffer overflow flaws were found in the way the json-c library\nhandled long strings in JSON documents. An attacker able to make an\napplication using json-c parse excessively large JSON input could cause the\napplication to crash. (CVE-2013-6370)\n\nA denial of service flaw was found in the implementation of hash arrays in\njson-c. An attacker could use this flaw to make an application using json-c\nconsume an excessive amount of CPU time by providing a specially crafted\nJSON document that triggers multiple hash function collisions. 
To mitigate\nthis issue, json-c now uses a different hash function and randomization to\nreduce the chance of an attacker successfully causing intentional\ncollisions. (CVE-2013-6371)\n\nThese issues were discovered by Florian Weimer of the Red Hat Product\nSecurity Team.\n\nAll json-c users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"RHSA\", value:\"2014:0703-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2014-June/msg00027.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'json-c'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"json-c\", rpm:\"json-c~0.11~4.el7_0\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"json-c-debuginfo\", rpm:\"json-c-debuginfo~0.11~4.el7_0\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:37:16", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the 'json-c' package(s) announced via the referenced advisory.", "modified": "2019-03-13T00:00:00", 
"published": "2014-06-17T00:00:00", "id": "OPENVAS:1361412562310841858", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841858", "title": "Ubuntu Update for json-c USN-2245-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2245_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for json-c USN-2245-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841858\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-06-17 10:06:07 +0530 (Tue, 17 Jun 2014)\");\n script_cve_id(\"CVE-2013-6370\", \"CVE-2013-6371\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Ubuntu Update for json-c USN-2245-1\");\n\n script_tag(name:\"affected\", value:\"json-c on Ubuntu 14.04 LTS,\n Ubuntu 13.10,\n Ubuntu 12.04 LTS\");\n 
script_tag(name:\"insight\", value:\"Florian Weimer discovered that json-c incorrectly handled\nbuffer lengths. An attacker could use this issue with a specially-crafted large\nJSON document to cause json-c to crash, resulting in a denial of service.\n(CVE-2013-6370)\n\nFlorian Weimer discovered that json-c incorrectly handled hash arrays. An\nattacker could use this issue with a specially-crafted JSON document to\ncause json-c to consume CPU resources, resulting in a denial of service.\n(CVE-2013-6371)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"2245-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2245-1/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'json-c'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|12\\.04 LTS|13\\.10)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libjson0:i386\", ver:\"0.11-3ubuntu1.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libjson0\", ver:\"0.9-1ubuntu1.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == 
\"UBUNTU13.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libjson0:i386\", ver:\"0.11-2ubuntu1.2\", rls:\"UBUNTU13.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-25T10:49:04", "bulletinFamily": "scanner", "description": "Check for the Version of json-c", "modified": "2017-07-10T00:00:00", "published": "2014-05-05T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=867760", "id": "OPENVAS:867760", "title": "Fedora Update for json-c FEDORA-2014-4975", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for json-c FEDORA-2014-4975\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867760);\n script_version(\"$Revision: 6629 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:33:41 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-05-05 11:14:53 +0530 (Mon, 05 May 2014)\");\n script_cve_id(\"CVE-2013-6370\", \"CVE-2013-6371\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for json-c FEDORA-2014-4975\");\n\n tag_insight = \"JSON-C implements a reference counting object model that allows you to easily\nconstruct JSON objects in C, output them as JSON formatted strings and parse\nJSON formatted strings back into the C representation of JSON objects.\n\";\n\n tag_affected = \"json-c on Fedora 19\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-4975\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-April/132294.html\");\n script_summary(\"Check for the Version of json-c\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"json-c\", rpm:\"json-c~0.11~6.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:37:19", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the 'json-c' package(s) announced via the referenced advisory.", "modified": "2019-03-15T00:00:00", "published": "2014-05-05T00:00:00", "id": "OPENVAS:1361412562310867760", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867760", "title": "Fedora Update for json-c FEDORA-2014-4975", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for json-c FEDORA-2014-4975\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867760\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-05-05 11:14:53 +0530 (Mon, 05 May 2014)\");\n script_cve_id(\"CVE-2013-6370\", \"CVE-2013-6371\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for json-c FEDORA-2014-4975\");\n script_tag(name:\"affected\", value:\"json-c on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-4975\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-April/132294.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'json-c'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = 
isrpmvuln(pkg:\"json-c\", rpm:\"json-c~0.11~6.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:36:28", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2014-0703", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123360", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123360", "title": "Oracle Linux Local Check: ELSA-2014-0703", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2014-0703.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123360\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:02:45 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2014-0703\");\n script_tag(name:\"insight\", value:\"ELSA-2014-0703 - json-c security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2014-0703\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2014-0703.html\");\n script_cve_id(\"CVE-2013-6371\", \"CVE-2013-6370\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux7\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"json-c\", rpm:\"json-c~0.11~4.el7_0\", 
rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"json-c-devel\", rpm:\"json-c-devel~0.11~4.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"json-c-doc\", rpm:\"json-c-doc~0.11~4.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-25T10:48:43", "bulletinFamily": "scanner", "description": "Check for the Version of json-c", "modified": "2017-07-10T00:00:00", "published": "2014-04-21T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=867704", "id": "OPENVAS:867704", "title": "Fedora Update for json-c FEDORA-2014-5006", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for json-c FEDORA-2014-5006\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867704);\n script_version(\"$Revision: 6629 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:33:41 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-21 11:59:59 +0530 (Mon, 21 Apr 2014)\");\n script_cve_id(\"CVE-2013-6370\", \"CVE-2013-6371\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for json-c FEDORA-2014-5006\");\n\n tag_insight = \"JSON-C implements a reference counting object model that allows you to easily\nconstruct JSON objects in C, output them as JSON formatted strings and parse\nJSON formatted strings back into the C representation of JSON objects.\n\";\n\n tag_affected = \"json-c on Fedora 20\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-5006\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131845.html\");\n script_summary(\"Check for the Version of json-c\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"json-c\", rpm:\"json-c~0.11~6.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:37:20", "bulletinFamily": "scanner", "description": "Amazon Linux Local Security Checks", "modified": "2018-10-01T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120085", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120085", "title": "Amazon Linux Local Check: ALAS-2014-416", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: alas-2014-416.nasl 6750 2017-07-18 09:56:47Z teissa$\n#\n# Amazon Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@iki.fi>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://ping-viini.org\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120085\");\n script_version(\"$Revision: 11703 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:17:05 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-01 10:05:31 +0200 (Mon, 01 Oct 2018) $\");\n script_name(\"Amazon Linux Local Check: ALAS-2014-416\");\n script_tag(name:\"insight\", value:\"The hash functionality in json-c before 0.12 allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted JSON data, involving collisions.Buffer overflow in the printbuf APIs in json-c before 0.12 allows remote attackers to cause a denial of service via unspecified vectors.\");\n script_tag(name:\"solution\", value:\"Run yum update json-c to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2014-416.html\");\n script_cve_id(\"CVE-2013-6371\", \"CVE-2013-6370\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Amazon Linux Local Security Checks\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = 
rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"AMAZON\")\n{\nif ((res = isrpmvuln(pkg:\"json-c-debuginfo\", rpm:\"json-c-debuginfo~0.11~6.8.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"json-c\", rpm:\"json-c~0.11~6.8.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"json-c-doc\", rpm:\"json-c-doc~0.11~6.8.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "amazon": [{"lastseen": "2019-05-29T17:22:35", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\nThe hash functionality in json-c before 0.12 allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted JSON data, involving collisions.\n\nBuffer overflow in the printbuf APIs in json-c before 0.12 allows remote attackers to cause a denial of service via unspecified vectors.\n\n \n**Affected Packages:** \n\n\njson-c\n\n \n**Issue Correction:** \nRun _yum update json-c_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n json-c-debuginfo-0.11-6.8.amzn1.i686 \n json-c-0.11-6.8.amzn1.i686 \n json-c-devel-0.11-6.8.amzn1.i686 \n \n noarch: \n json-c-doc-0.11-6.8.amzn1.noarch \n \n src: \n json-c-0.11-6.8.amzn1.src \n \n x86_64: \n json-c-debuginfo-0.11-6.8.amzn1.x86_64 \n json-c-0.11-6.8.amzn1.x86_64 \n json-c-devel-0.11-6.8.amzn1.x86_64 \n \n \n", "modified": "2014-09-19T12:11:00", "published": "2014-09-19T12:11:00", "id": "ALAS-2014-416", "href": "https://alas.aws.amazon.com/ALAS-2014-416.html", "title": "Medium: json-c", "type": "amazon", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2019-12-13T08:05:52", "bulletinFamily": "scanner", "description": "Updated json-c packages fix security vulnerabilities :\n\nFlorian 
Weimer reported that the printbuf APIs used in the json-c\nlibrary used ints for counting buffer lengths, which is inappropriate\nfor 32bit architectures. These functions need to be changed to using\nsize_t if possible for sizes, or to be hardened against negative\nvalues if not. This could be used to cause a denial of service in an\napplication linked to the json-c library (CVE-2013-6370).\n\nFlorian Weimer reported that the hash function in the json-c library\nwas weak, and that parsing smallish JSON strings showed quadratic\ntiming behaviour. This could cause an application linked to the json-c\nlibrary, and that processes some specially crafted JSON data, to use\nexcessive amounts of CPU (CVE-2013-6371).", "modified": "2019-12-02T00:00:00", "id": "MANDRIVA_MDVSA-2014-079.NASL", "href": "https://www.tenable.com/plugins/nessus/73604", "published": "2014-04-18T00:00:00", "title": "Mandriva Linux Security Advisory : json-c (MDVSA-2014:079)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2014:079. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73604);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/08/02 13:32:55\");\n\n script_cve_id(\"CVE-2013-6370\", \"CVE-2013-6371\");\n script_xref(name:\"MDVSA\", value:\"2014:079\");\n\n script_name(english:\"Mandriva Linux Security Advisory : json-c (MDVSA-2014:079)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated json-c packages fix security vulnerabilities :\n\nFlorian Weimer reported that the printbuf APIs used in the json-c\nlibrary used ints for counting buffer lengths, which is inappropriate\nfor 32bit architectures. These functions need to be changed to using\nsize_t if possible for sizes, or to be hardened against negative\nvalues if not. This could be used to cause a denial of service in an\napplication linked to the json-c library (CVE-2013-6370).\n\nFlorian Weimer reported that the hash function in the json-c library\nwas weak, and that parsing smallish JSON strings showed quadratic\ntiming behaviour. 
This could cause an application linked to the json-c\nlibrary, and that processes some specially crafted JSON data, to use\nexcessive amounts of CPU (CVE-2013-6371).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0175.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected lib64json-devel and / or lib64json2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64json-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64json2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 
0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64json-devel-0.11-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64json2-0.11-1.1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-12-13T07:03:59", "bulletinFamily": "scanner", "description": "Address CVE-2013-6370 and CVE-2013-6371.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-12-02T00:00:00", "id": "FEDORA_2014-4975.NASL", "href": "https://www.tenable.com/plugins/nessus/73772", "published": "2014-04-30T00:00:00", "title": "Fedora 19 : json-c-0.11-6.fc19 (2014-4975)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-4975.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73772);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2015/10/19 22:32:18 $\");\n\n script_cve_id(\"CVE-2013-6370\", \"CVE-2013-6371\");\n script_bugtraq_id(66715, 66720);\n script_xref(name:\"FEDORA\", value:\"2014-4975\");\n\n script_name(english:\"Fedora 19 : json-c-0.11-6.fc19 (2014-4975)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Address CVE-2013-6370 and CVE-2013-6371.\n\nNote that Tenable Network Security has extracted the 
preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1032311\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1032322\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-April/132294.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?28bc49f7\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected json-c package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:json-c\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) 
audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"json-c-0.11-6.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"json-c\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-12-13T06:38:59", "bulletinFamily": "scanner", "description": "The hash functionality in json-c before 0.12 allows context-dependent\nattackers to cause a denial of service (CPU consumption) via crafted\nJSON data, involving collisions.\n\nBuffer overflow in the printbuf APIs in json-c before 0.12 allows\nremote attackers to cause a denial of service via unspecified vectors.", "modified": "2019-12-02T00:00:00", "id": "ALA_ALAS-2014-416.NASL", "href": "https://www.tenable.com/plugins/nessus/78359", "published": "2014-10-12T00:00:00", "title": "Amazon Linux AMI : json-c (ALAS-2014-416)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory 
ALAS-2014-416.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78359);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2013-6370\", \"CVE-2013-6371\");\n script_xref(name:\"ALAS\", value:\"2014-416\");\n\n script_name(english:\"Amazon Linux AMI : json-c (ALAS-2014-416)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The hash functionality in json-c before 0.12 allows context-dependent\nattackers to cause a denial of service (CPU consumption) via crafted\nJSON data, involving collisions.\n\nBuffer overflow in the printbuf APIs in json-c before 0.12 allows\nremote attackers to cause a denial of service via unspecified vectors.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2014-416.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update json-c' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:json-c\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:json-c-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:json-c-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:json-c-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"json-c-0.11-6.8.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"json-c-debuginfo-0.11-6.8.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"json-c-devel-0.11-6.8.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"json-c-doc-0.11-6.8.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"json-c / json-c-debuginfo / json-c-devel / json-c-doc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-12-13T08:41:22", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2014:0703 :\n\nUpdated json-c packages that fix two security issues are now available\nfor Red 
Hat Enterprise Linux 7.\n\nThe Red Hat Security Response Team has rated this update as having\nModerate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nJSON-C implements a reference counting object model that allows you to\neasily construct JSON objects in C, output them as JSON-formatted\nstrings, and parse JSON-formatted strings back into the C\nrepresentation of JSON objects.\n\nMultiple buffer overflow flaws were found in the way the json-c\nlibrary handled long strings in JSON documents. An attacker able to\nmake an application using json-c parse excessively large JSON input\ncould cause the application to crash. (CVE-2013-6370)\n\nA denial of service flaw was found in the implementation of hash\narrays in json-c. An attacker could use this flaw to make an\napplication using json-c consume an excessive amount of CPU time by\nproviding a specially crafted JSON document that triggers multiple\nhash function collisions. To mitigate this issue, json-c now uses a\ndifferent hash function and randomization to reduce the chance of an\nattacker successfully causing intentional collisions. 
(CVE-2013-6371)\n\nThese issues were discovered by Florian Weimer of the Red Hat Product\nSecurity Team.\n\nAll json-c users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues.", "modified": "2019-12-02T00:00:00", "id": "ORACLELINUX_ELSA-2014-0703.NASL", "href": "https://www.tenable.com/plugins/nessus/76736", "published": "2014-07-24T00:00:00", "title": "Oracle Linux 7 : json-c (ELSA-2014-0703)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2014:0703 and \n# Oracle Linux Security Advisory ELSA-2014-0703 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76736);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/09/30 10:58:19\");\n\n script_cve_id(\"CVE-2013-6370\", \"CVE-2013-6371\");\n script_bugtraq_id(66715, 66720);\n script_xref(name:\"RHSA\", value:\"2014:0703\");\n\n script_name(english:\"Oracle Linux 7 : json-c (ELSA-2014-0703)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2014:0703 :\n\nUpdated json-c packages that fix two security issues are now available\nfor Red Hat Enterprise Linux 7.\n\nThe Red Hat Security Response Team has rated this update as having\nModerate security impact. 
Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nJSON-C implements a reference counting object model that allows you to\neasily construct JSON objects in C, output them as JSON-formatted\nstrings, and parse JSON-formatted strings back into the C\nrepresentation of JSON objects.\n\nMultiple buffer overflow flaws were found in the way the json-c\nlibrary handled long strings in JSON documents. An attacker able to\nmake an application using json-c parse excessively large JSON input\ncould cause the application to crash. (CVE-2013-6370)\n\nA denial of service flaw was found in the implementation of hash\narrays in json-c. An attacker could use this flaw to make an\napplication using json-c consume an excessive amount of CPU time by\nproviding a specially crafted JSON document that triggers multiple\nhash function collisions. To mitigate this issue, json-c now uses a\ndifferent hash function and randomization to reduce the chance of an\nattacker successfully causing intentional collisions. 
(CVE-2013-6371)\n\nThese issues were discovered by Florian Weimer of the Red Hat Product\nSecurity Team.\n\nAll json-c users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2014-July/004279.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected json-c packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:json-c\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:json-c-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:json-c-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"json-c-0.11-4.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"json-c-devel-0.11-4.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"json-c-doc-0.11-4.el7_0\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 
\"json-c / json-c-devel / json-c-doc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-12-13T07:03:59", "bulletinFamily": "scanner", "description": "Address CVE-2013-6370 and CVE-2013-6371.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-12-02T00:00:00", "id": "FEDORA_2014-5006.NASL", "href": "https://www.tenable.com/plugins/nessus/73603", "published": "2014-04-18T00:00:00", "title": "Fedora 20 : json-c-0.11-6.fc20 (2014-5006)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-5006.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73603);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2015/10/19 22:32:18 $\");\n\n script_cve_id(\"CVE-2013-6370\", \"CVE-2013-6371\");\n script_xref(name:\"FEDORA\", value:\"2014-5006\");\n\n script_name(english:\"Fedora 20 : json-c-0.11-6.fc20 (2014-5006)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Address CVE-2013-6370 and CVE-2013-6371.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1032311\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1032322\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131845.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?38d401b2\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected json-c package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:json-c\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = 
os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"json-c-0.11-6.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"json-c\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-12-13T08:53:43", "bulletinFamily": "scanner", "description": "Updated json-c packages that fix two security issues are now available\nfor Red Hat Enterprise Linux 7.\n\nThe Red Hat Security Response Team has rated this update as having\nModerate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nJSON-C implements a reference counting object model that allows you to\neasily construct JSON objects in C, output them as JSON-formatted\nstrings, and parse JSON-formatted strings back into the C\nrepresentation of JSON objects.\n\nMultiple buffer overflow flaws were found in the way the json-c\nlibrary handled long strings in JSON documents. An attacker able to\nmake an application using json-c parse excessively large JSON input\ncould cause the application to crash. (CVE-2013-6370)\n\nA denial of service flaw was found in the implementation of hash\narrays in json-c. 
An attacker could use this flaw to make an\napplication using json-c consume an excessive amount of CPU time by\nproviding a specially crafted JSON document that triggers multiple\nhash function collisions. To mitigate this issue, json-c now uses a\ndifferent hash function and randomization to reduce the chance of an\nattacker successfully causing intentional collisions. (CVE-2013-6371)\n\nThese issues were discovered by Florian Weimer of the Red Hat Product\nSecurity Team.\n\nAll json-c users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues.", "modified": "2019-12-02T00:00:00", "id": "REDHAT-RHSA-2014-0703.NASL", "href": "https://www.tenable.com/plugins/nessus/76898", "published": "2014-07-30T00:00:00", "title": "RHEL 7 : json-c (RHSA-2014:0703)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:0703. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76898);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/10/24 15:35:38\");\n\n script_cve_id(\"CVE-2013-6370\", \"CVE-2013-6371\");\n script_bugtraq_id(66715, 66720);\n script_xref(name:\"RHSA\", value:\"2014:0703\");\n\n script_name(english:\"RHEL 7 : json-c (RHSA-2014:0703)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated json-c packages that fix two security issues are now available\nfor Red Hat Enterprise Linux 7.\n\nThe Red Hat Security Response Team has rated this update as having\nModerate security impact. 
Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nJSON-C implements a reference counting object model that allows you to\neasily construct JSON objects in C, output them as JSON-formatted\nstrings, and parse JSON-formatted strings back into the C\nrepresentation of JSON objects.\n\nMultiple buffer overflow flaws were found in the way the json-c\nlibrary handled long strings in JSON documents. An attacker able to\nmake an application using json-c parse excessively large JSON input\ncould cause the application to crash. (CVE-2013-6370)\n\nA denial of service flaw was found in the implementation of hash\narrays in json-c. An attacker could use this flaw to make an\napplication using json-c consume an excessive amount of CPU time by\nproviding a specially crafted JSON document that triggers multiple\nhash function collisions. To mitigate this issue, json-c now uses a\ndifferent hash function and randomization to reduce the chance of an\nattacker successfully causing intentional collisions. 
(CVE-2013-6371)\n\nThese issues were discovered by Florian Weimer of the Red Hat Product\nSecurity Team.\n\nAll json-c users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:0703\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-6371\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-6370\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:json-c\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:json-c-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:json-c-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:json-c-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:0703\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", reference:\"json-c-0.11-4.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"json-c-debuginfo-0.11-4.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"json-c-devel-0.11-4.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"json-c-doc-0.11-4.el7_0\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"json-c / json-c-debuginfo / json-c-devel / json-c-doc\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-12-13T08:15:52", "bulletinFamily": "scanner", "description": "This json-c update fixes the following two security issue :\n\n - bnc#870147: Fixed buffer overflow if size_t is larger\n than int (CVE-2013-6370).\n\n - bnc#870147: Fixed possible hash collision DoS\n (CVE-2013-6371).", "modified": 
"2019-12-02T00:00:00", "id": "OPENSUSE-2014-317.NASL", "href": "https://www.tenable.com/plugins/nessus/75330", "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : json-c (openSUSE-SU-2014:0558-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-317.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75330);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/11/10 11:50:01\");\n\n script_cve_id(\"CVE-2013-6370\", \"CVE-2013-6371\");\n script_bugtraq_id(66715, 66720);\n\n script_name(english:\"openSUSE Security Update : json-c (openSUSE-SU-2014:0558-1)\");\n script_summary(english:\"Check for the openSUSE-2014-317 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This json-c update fixes the following two security issue :\n\n - bnc#870147: Fixed buffer overflow if size_t is larger\n than int (CVE-2013-6370).\n\n - bnc#870147: Fixed possible hash collision DoS\n (CVE-2013-6371).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=870147\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-04/msg00059.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected json-c packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:json-c-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjson-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjson0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjson0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjson0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjson0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3|SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3 / 13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"json-c-debugsource-0.9-13.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libjson-devel-0.9-13.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libjson0-0.9-13.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libjson0-debuginfo-0.9-13.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"libjson0-32bit-0.9-13.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"libjson0-debuginfo-32bit-0.9-13.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"json-c-debugsource-0.10-3.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libjson-devel-0.10-3.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libjson0-0.10-3.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libjson0-debuginfo-0.10-3.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libjson0-32bit-0.10-3.4.1\") ) 
flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libjson0-debuginfo-32bit-0.10-3.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"json-c-debugsource / libjson-devel / libjson0 / libjson0-32bit / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-12-13T09:45:01", "bulletinFamily": "scanner", "description": "Florian Weimer discovered that json-c incorrectly handled buffer\nlengths. An attacker could use this issue with a specially crafted\nlarge JSON document to cause json-c to crash, resulting in a denial of\nservice. (CVE-2013-6370)\n\nFlorian Weimer discovered that json-c incorrectly handled hash arrays.\nAn attacker could use this issue with a specially crafted JSON\ndocument to cause json-c to consume CPU resources, resulting in a\ndenial of service. (CVE-2013-6371).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-12-02T00:00:00", "id": "UBUNTU_USN-2245-1.NASL", "href": "https://www.tenable.com/plugins/nessus/74509", "published": "2014-06-13T00:00:00", "title": "Ubuntu 12.04 LTS / 13.10 / 14.04 LTS : json-c vulnerabilities (USN-2245-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2245-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74509);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/09/19 12:54:30\");\n\n script_cve_id(\"CVE-2013-6370\", \"CVE-2013-6371\");\n script_bugtraq_id(66715, 66720);\n script_xref(name:\"USN\", value:\"2245-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 13.10 / 14.04 LTS : json-c vulnerabilities (USN-2245-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Florian Weimer discovered that json-c incorrectly handled buffer\nlengths. An attacker could use this issue with a specially crafted\nlarge JSON document to cause json-c to crash, resulting in a denial of\nservice. (CVE-2013-6370)\n\nFlorian Weimer discovered that json-c incorrectly handled hash arrays.\nAn attacker could use this issue with a specially crafted JSON\ndocument to cause json-c to consume CPU resources, resulting in a\ndenial of service. (CVE-2013-6371).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2245-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libjson0 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjson0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:13.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! 
get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|13\\.10|14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 13.10 / 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libjson0\", pkgver:\"0.9-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"13.10\", pkgname:\"libjson0\", pkgver:\"0.11-2ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libjson0\", pkgver:\"0.11-3ubuntu1.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libjson0\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-12-13T08:05:57", "bulletinFamily": "scanner", "description": "Updated json-c packages fix security vulnerabilities :\n\nFlorian Weimer reported that the printbuf APIs used in the json-c\nlibrary used ints for counting buffer lengths, which is inappropriate\nfor 32bit architectures. These functions need to be changed to using\nsize_t if possible for sizes, or to be hardened against negative\nvalues if not. This could be used to cause a denial of service in an\napplication linked to the json-c library (CVE-2013-6370).\n\nFlorian Weimer reported that the hash function in the json-c library\nwas weak, and that parsing smallish JSON strings showed quadratic\ntiming behaviour. 
This could cause an application linked to the json-c\nlibrary, and that processes some specially crafted JSON data, to use\nexcessive amounts of CPU (CVE-2013-6371).", "modified": "2019-12-02T00:00:00", "id": "MANDRIVA_MDVSA-2015-102.NASL", "href": "https://www.tenable.com/plugins/nessus/82355", "published": "2015-03-30T00:00:00", "title": "Mandriva Linux Security Advisory : json-c (MDVSA-2015:102)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2015:102. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82355);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/08/02 13:32:56\");\n\n script_cve_id(\"CVE-2013-6370\", \"CVE-2013-6371\");\n script_xref(name:\"MDVSA\", value:\"2015:102\");\n\n script_name(english:\"Mandriva Linux Security Advisory : json-c (MDVSA-2015:102)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated json-c packages fix security vulnerabilities :\n\nFlorian Weimer reported that the printbuf APIs used in the json-c\nlibrary used ints for counting buffer lengths, which is inappropriate\nfor 32bit architectures. These functions need to be changed to using\nsize_t if possible for sizes, or to be hardened against negative\nvalues if not. This could be used to cause a denial of service in an\napplication linked to the json-c library (CVE-2013-6370).\n\nFlorian Weimer reported that the hash function in the json-c library\nwas weak, and that parsing smallish JSON strings showed quadratic\ntiming behaviour. 
This could cause an application linked to the json-c\nlibrary, and that processes some specially crafted JSON data, to use\nexcessive amounts of CPU (CVE-2013-6371).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0175.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected lib64json-devel and / or lib64json2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64json-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64json2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 
0;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64json-devel-0.11-4.1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64json2-0.11-4.1.mbs2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-12-13T06:46:39", "bulletinFamily": "scanner", "description": "According to its version, the installation of IBM DB2 10.5 running on\nthe remote host is affected by the following vulnerabilities :\n\n - An error exists related to JavaScript Object Notation\n (JSON-C) handling, string parsing, and the hash function\n that allows denial of service attacks. (CVE-2013-6371)\n\n - A buffer overflow error exists related to handling\n ", "modified": "2019-12-02T00:00:00", "id": "DB2_105FP4.NASL", "href": "https://www.tenable.com/plugins/nessus/77571", "published": "2014-09-09T00:00:00", "title": "IBM DB2 10.5 < Fix Pack 4 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(77571);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/06 11:26:06\");\n\n script_cve_id(\n \"CVE-2013-6371\",\n \"CVE-2014-3094\",\n \"CVE-2014-3095\",\n \"CVE-2014-4805\"\n );\n script_bugtraq_id(66715, 69541, 69546, 69550);\n\n script_name(english:\"IBM DB2 10.5 < Fix Pack 4 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the DB2 signature.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its version, the installation of IBM DB2 10.5 running on\nthe remote host is affected by the following vulnerabilities :\n\n - An error exists 
related to JavaScript Object Notation\n (JSON-C) handling, string parsing, and the hash function\n that allows denial of service attacks. (CVE-2013-6371)\n\n - A buffer overflow error exists related to handling\n 'ALTER MODULE' statements that could lead to server\n crashes or arbitrary code execution. (CVE-2014-3094)\n\n - An error exists related to handling 'SELECT' statements\n having subqueries using 'UNION' that allows denial\n of service attacks. (CVE-2014-3095)\n\n - An error exists related to Columnar Data Engine (CDE)\n tables and 'LOAD' statement handling that allows local\n information disclosure. (CVE-2014-4805)\");\n # Advisory\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21647054#4\");\n # Download\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg24038261\");\n # CVE-2013-6371\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg1IT02201\");\n # CVE-2014-3094\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21681631\");\n # CVE-2014-3095\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg1IT02433\");\n # CVE-2014-4805\n script_set_attribute(attribute:\"see_also\", value:\"https://www-304.ibm.com/support/docview.wss?uid=swg21681723\");\n script_set_attribute(attribute:\"solution\", value:\"Apply IBM DB2 version 10.5 Fix Pack 4 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", 
value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/09/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:db2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"db2_das_detect.nasl\");\n script_require_ports(\"Services/db2das\", 523);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"db2_report_func.inc\");\n\nport = get_service(svc:\"db2das\", default:523, exit_on_fail:TRUE);\n\napp_name = \"DB2\";\n\nlevel = get_kb_item_or_exit(app_name + \"/\" + port + \"/Level\");\nif (level !~ \"^10\\.5\\.\") audit(AUDIT_NOT_LISTEN, app_name + \" 10.5.x\", port);\n\nplatform = get_kb_item_or_exit(app_name+\"/\"+port+\"/Platform\");\nplatform_name = get_kb_item(app_name+\"/\"+port+\"/Platform_Name\");\nif (isnull(platform_name))\n{\n platform_name = platform;\n report_phrase = \"platform \" + platform;\n}\nelse\n report_phrase = platform_name;\n\nvuln = FALSE;\n# Windows 32-bit/64-bit\nif (platform == 5 || platform == 23)\n{\n fixed_level = '10.5.400.191';\n if (ver_compare(ver:level, fix:fixed_level) == -1)\n vuln = TRUE;\n}\n# Others\nelse if (\n # Linux, 2.6 kernel 32/64-bit\n platform == 18 ||\n platform == 30 ||\n # AIX\n platform == 20\n)\n{\n fixed_level = '10.5.0.4';\n if (level =~ \"^10\\.5\\.0\\.([0-3]|3a)$\")\n vuln = TRUE;\n}\nelse\n{\n info =\n 'Nessus does not support version checks against ' + report_phrase + '.\\n' +\n 'To help us better identify vulnerable versions, please send the 
platform\\n' +\n 'number along with details about the platform, including the operating system\\n' +\n 'version, CPU architecture, and DB2 version to db2-platform-info@nessus.org.\\n';\n exit(1, info);\n}\n\nif (vuln)\n{\n report_db2(\n severity : SECURITY_HOLE,\n port : port,\n platform_name : platform_name,\n installed_level : level,\n fixed_level : fixed_level);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, app_name, port, level);\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:36:12", "bulletinFamily": "unix", "description": "[0.11-4]\n- fix hash collision CVE-2013-6371\n- fix buffer overflow CVE-2013-6370\n- enable upstream test suite", "modified": "2014-07-23T00:00:00", "published": "2014-07-23T00:00:00", "id": "ELSA-2014-0703", "href": "http://linux.oracle.com/errata/ELSA-2014-0703.html", "title": "json-c security update", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:55", "bulletinFamily": "software", "description": "Buffer overflow, weak hashing algorithm.", "modified": "2014-05-04T00:00:00", "published": "2014-05-04T00:00:00", "id": "SECURITYVULNS:VULN:13718", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13718", "title": "json-c security vulnerabilities", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:51", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2014:079\r\n http://www.mandriva.com/en/support/security/\r\n _______________________________________________________________________\r\n\r\n Package : json-c\r\n Date : April 17, 2014\r\n Affected: Business Server 1.0\r\n 
_______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Updated json-c packages fix security vulnerabilities:\r\n \r\n Florian Weimer reported that the printbuf APIs used in the json-c\r\n library used ints for counting buffer lengths, which is inappropriate\r\n for 32bit architectures. These functions need to be changed to using\r\n size_t if possible for sizes, or to be hardened against negative\r\n values if not. This could be used to cause a denial of service in\r\n an application linked to the json-c library (CVE-2013-6370).\r\n \r\n Florian Weimer reported that the hash function in the json-c library\r\n was weak, and that parsing smallish JSON strings showed quadratic\r\n timing behaviour. This could cause an application linked to the json-c\r\n library, and that processes some specially-crafted JSON data, to use\r\n excessive amounts of CPU (CVE-2013-6371).\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6370\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6371\r\n http://advisories.mageia.org/MGASA-2014-0175.html\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Business Server 1/X86_64:\r\n f799ac04871a5044f8c8c4802f29f33a mbs1/x86_64/lib64json2-0.11-1.1.mbs1.x86_64.rpm\r\n 9c7a7e290ebd91a7fc071f04e0abe340 mbs1/x86_64/lib64json-devel-0.11-1.1.mbs1.x86_64.rpm \r\n f3c134fa6a2ee59590340ab94dfa079d mbs1/SRPMS/json-c-0.11-1.1.mbs1.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. 
You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/en/support/security/advisories/\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 (GNU/Linux)\r\n\r\niD8DBQFTT25hmqjQ0CJFipgRAiCsAKDukGqFeJiMsBbFkKLduwPKmK5vaACeOi8x\r\n8n0L54QMeZ9zebZ1tBsdKBU=\r\n=5cUL\r\n-----END PGP SIGNATURE-----\r\n\r\n", "modified": "2014-05-04T00:00:00", "published": "2014-05-04T00:00:00", "id": "SECURITYVULNS:DOC:30574", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30574", "title": "[ MDVSA-2014:079 ] json-c", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "redhat": [{"lastseen": "2019-08-13T18:44:35", "bulletinFamily": "unix", "description": "JSON-C implements a reference counting object model that allows you to\neasily construct JSON objects in C, output them as JSON-formatted strings,\nand parse JSON-formatted strings back into the C representation of\nJSON objects.\n\nMultiple buffer overflow flaws were found in the way the json-c library\nhandled long strings in JSON documents. An attacker able to make an\napplication using json-c parse excessively large JSON input could cause the\napplication to crash. (CVE-2013-6370)\n\nA denial of service flaw was found in the implementation of hash arrays in\njson-c. An attacker could use this flaw to make an application using json-c\nconsume an excessive amount of CPU time by providing a specially crafted\nJSON document that triggers multiple hash function collisions. 
To mitigate\nthis issue, json-c now uses a different hash function and randomization to\nreduce the chance of an attacker successfully causing intentional\ncollisions. (CVE-2013-6371)\n\nThese issues were discovered by Florian Weimer of the Red Hat Product\nSecurity Team.\n\nAll json-c users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\n", "modified": "2018-04-12T03:32:37", "published": "2014-06-10T04:00:00", "id": "RHSA-2014:0703", "href": "https://access.redhat.com/errata/RHSA-2014:0703", "type": "redhat", "title": "(RHSA-2014:0703) Moderate: json-c security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "ubuntu": [{"lastseen": "2019-05-29T17:22:29", "bulletinFamily": "unix", "description": "Florian Weimer discovered that json-c incorrectly handled buffer lengths. An attacker could use this issue with a specially-crafted large JSON document to cause json-c to crash, resulting in a denial of service. (CVE-2013-6370)\n\nFlorian Weimer discovered that json-c incorrectly handled hash arrays. An attacker could use this issue with a specially-crafted JSON document to cause json-c to consume CPU resources, resulting in a denial of service. (CVE-2013-6371)", "modified": "2014-06-12T00:00:00", "published": "2014-06-12T00:00:00", "id": "USN-2245-1", "href": "https://usn.ubuntu.com/2245-1/", "title": "json-c vulnerabilities", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}]}