CVSS2: 5 Medium (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |

EPSS: 0.018 Low (Percentile 86.5%)

JSON-C implements a reference counting object model that allows you to
easily construct JSON objects in C, output them as JSON-formatted strings,
and parse JSON-formatted strings back into the C representation of
JSON objects.

Multiple buffer overflow flaws were found in the way the json-c library
handled long strings in JSON documents. An attacker able to make an
application using json-c parse excessively large JSON input could cause the
application to crash. (CVE-2013-6370)

A denial of service flaw was found in the implementation of hash arrays in
json-c. An attacker could use this flaw to make an application using json-c
consume an excessive amount of CPU time by providing a specially crafted
JSON document that triggers multiple hash function collisions. To mitigate
this issue, json-c now uses a different hash function and randomization to
reduce the chance of an attacker successfully causing intentional
collisions. (CVE-2013-6371)

These issues were discovered by Florian Weimer of the Red Hat Product
Security Team.

All json-c users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.
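
The hash collision issue described above (CVE-2013-6371) is illustrated by the following added example, which is neither json-c code nor part of the advisory. It assumes a toy multiplicative hash, seeded FNV-1a as a stand-in for the replacement function, and 256 constructed keys (all names are hypothetical), and shows that seeding alone does not help a weak hash: the keys still land in one bucket until the hash function itself changes.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define NKEYS    256   /* 2^8 constructed keys of 8 two-byte blocks each */
#define NBUCKETS 256

/* Toy multiplicative hash (illustrative, not json-c code). The seed is only
 * the start value, so equal-length keys that collide do so for every seed. */
static uint32_t mul_hash(const char *s, uint32_t seed) {
    uint32_t h = seed;
    while (*s) h = h * 31 + (unsigned char)*s++;
    return h;
}

/* Seeded FNV-1a (stand-in for "a different hash function"): the state is
 * XORed with each byte before the multiply, so collisions depend on the seed. */
static uint32_t fnv1a_hash(const char *s, uint32_t seed) {
    uint32_t h = 2166136261u ^ seed;
    while (*s) h = (h ^ (unsigned char)*s++) * 16777619u;
    return h;
}

/* Constructed sample keys: bit b of i picks "Aa" or "BB" for block b.
 * Under mul_hash both blocks map h to h*961 + 2112, so all keys collide. */
static void make_key(unsigned i, char out[17]) {
    for (int b = 0; b < 8; b++)
        memcpy(out + 2 * b, ((i >> b) & 1) ? "BB" : "Aa", 2);
    out[16] = '\0';
}

/* Longest bucket chain after inserting all NKEYS keys (cost of one lookup). */
static int longest_chain(uint32_t (*hash)(const char *, uint32_t), uint32_t seed) {
    int count[NBUCKETS] = {0}, worst = 0;
    char key[17];
    for (unsigned i = 0; i < NKEYS; i++) {
        make_key(i, key);
        int c = ++count[hash(key, seed) % NBUCKETS];
        if (c > worst) worst = c;
    }
    return worst;
}

int main(void) {
    uint32_t seed = 0x9e3779b9u; /* fixed for repeatability; draw it at random per process in real code */
    printf("multiplicative, seed 0 : %d\n", longest_chain(mul_hash, 0));
    printf("multiplicative, seeded : %d\n", longest_chain(mul_hash, seed));
    printf("FNV-1a, seeded         : %d\n", longest_chain(fnv1a_hash, seed));
    return 0;
}
```

Seeded FNV-1a is used here only to show seed-dependent placement; it is not a vetted flood-resistant hash.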

OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
RedHat | 7 | ppc64 | json-c-debuginfo | < 0.11-4.el7_0 | json-c-debuginfo-0.11-4.el7_0.ppc64.rpm |
RedHat | 7 | src | json-c | < 0.11-4.el7_0 | json-c-0.11-4.el7_0.src.rpm |
RedHat | 7 | i686 | json-c-devel | < 0.11-4.el7_0 | json-c-devel-0.11-4.el7_0.i686.rpm |
RedHat | 7 | ppc64 | json-c | < 0.11-4.el7_0 | json-c-0.11-4.el7_0.ppc64.rpm |
RedHat | 7 | ppc | json-c-devel | < 0.11-4.el7_0 | json-c-devel-0.11-4.el7_0.ppc.rpm |
RedHat | 7 | x86_64 | json-c | < 0.11-4.el7_0 | json-c-0.11-4.el7_0.x86_64.rpm |
RedHat | 7 | s390 | json-c-debuginfo | < 0.11-4.el7_0 | json-c-debuginfo-0.11-4.el7_0.s390.rpm |
RedHat | 7 | s390 | json-c-devel | < 0.11-4.el7_0 | json-c-devel-0.11-4.el7_0.s390.rpm |
RedHat | 7 | i686 | json-c | < 0.11-4.el7_0 | json-c-0.11-4.el7_0.i686.rpm |
RedHat | 7 | ppc64 | json-c-devel | < 0.11-4.el7_0 | json-c-devel-0.11-4.el7_0.ppc64.rpm |