259 matches found
UBUNTU-CVE-2020-12762
json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend...
CVE-2020-12762
CVE-2020-12762 affects json-c up to 0.14, with an integer overflow and an out-of-bounds write in printbuf_memappend when processing large JSON files. Connected advisories reference fixes by upgrading to newer json-c/libfastjson packages (e.g., libfastjson 0.99.9-1+/0.99.9-1+deb11u1 and json-c 0.1...
CVE-2020-12762
json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend...
PT-2020-6199 · Json-C +10
Name of the Vulnerable Software and Affected Versions: json-c versions 0.14 and earlier Description: The issue is related to an integer overflow and out-of-bounds write in json-c, which can be triggered by a large JSON file. This can be demonstrated by the printbuf_memappend function. The...
json-c -- integer overflow and out-of-bounds write via a large JSON file
Tobias Stöckmann reports: I have discovered a way to trigger an out of boundary write while parsing a huge json file through a malicious input source. It can be triggered if an attacker has control over the input stream or if a huge load during filesystem operations can be triggered...
Security Bulletin: IBM® DB2® LUW is affected by the JSON-C vulnerability (CVE-2013-6371)
Summary IBM® DB2® LUW is affected by a denial of service vulnerability in JavaScript Object Notation JSON-C, caused by an error in the hash function during string parsing. A remote, unauthorized user could exploit this vulnerability to consume all available CPU resources. Vulnerability Details CV...
Fedora 27 : json-c (2017-20b18a4ffe)
Patch : - Avoid invalid free and crash explicitly instead of silently enabling the caller to commit undefined behaviour. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean...
Fedora 26 : json-c (2017-6d952bdc53)
Patch : - Avoid invalid free and crash explicitly instead of silently enabling the caller to commit undefined behaviour. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean...
Fedora Update for json-c FEDORA-2017-6d952bdc53
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for json-c FEDORA-2017-20b18a4ffe
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 27 Update: json-c-0.12.1-5.fc27
JSON-C implements a reference counting object model that allows you to easily construct JSON objects in C, output them as JSON formatted strings and parse JSON formatted strings back into the C representation of JSON objects. It aims to conform to RFC 7159...
[SECURITY] Fedora 26 Update: json-c-0.12.1-5.fc26
JSON-C implements a reference counting object model that allows you to easily construct JSON objects in C, output them as JSON formatted strings and parse JSON formatted strings back into the C representation of JSON objects. It aims to conform to RFC 7159...
sylkie - IPv6 address spoofing with the Neighbor Discovery Protocol
A command line tool and library for testing networks for common address spoofing security vulnerabilities in IPv6 networks using the Neighbor Discovery Protocol. Getting Started Note: This project is still in the early phases of development. If you run into any problems, please consider submittin...
IPv6 Address Spoofing: sylkie
IPv6 Address Spoofing A command line tool and library for testing networks for common address spoofing security vulnerabilities in IPv6 networks using the Neighbor Discovery Protocol. Getting Started Dependencies libseccomp json-c Build Get the code and compile it! Get the code git clone...
Oracle: Security Advisory (ELSA-2014-0703)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
Amazon Linux: Security Advisory (ALAS-2014-416)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 22 : postgis-2.1.7-1.fc22 (2015-5510)
Update to latest release, which includes security fixes. Update to 2.1.6, per changes described at: http://postgis.net/2015/03/20/postgis-2.1.6 enable json-c for postgis, but disable it for upgrade part Rebuild for Proj 4.9.1 Note that Tenable Network Security has extracted the preceding...
Mandriva Linux Security Advisory : json-c (MDVSA-2015:102)
Updated json-c packages fix security vulnerabilities : Florian Weimer reported that the printbuf APIs used in the json-c library used ints for counting buffer lengths, which is inappropriate for 32bit architectures. These functions need to be changed to using size_t if possible for sizes, or to be...