358 matches found
Medium: json-c
Issue Overview: The hash functionality in json-c before 0.12 allows context-dependent attackers to cause a denial of service CPU consumption via crafted JSON data, involving collisions. Buffer overflow in the printbuf APIs in json-c before 0.12 allows remote attackers to cause a denial of service...
json-c: hash collision DoS
The hash functionality in json-c before 0.12 allows context-dependent attackers to cause a denial of service CPU consumption via crafted JSON data, involving collisions...
CVE-2013-6371
The hash functionality in json-c before 0.12 allows context-dependent attackers to cause a denial of service CPU consumption via crafted JSON data, involving collisions...
CVE-2013-6371
CVE-2013-6371 affects json-c prior to 0.12. The issue is a hash collision denial-of-service in the JSON-C hash function used during string parsing, allowing an attacker to cause high CPU/DoS with crafted JSON data. Public advisories (Red Hat RHSA-2014:0703, Oracle/OpenSUSE/NASL/ Mandriva entries,...
CVE-2013-6371
The hash functionality in json-c before 0.12 allows context-dependent attackers to cause a denial of service CPU consumption via crafted JSON data, involving collisions...
CVE-2013-6371
The hash functionality in json-c before 0.12 allows context-dependent attackers to cause a denial of service CPU consumption via crafted JSON data, involving collisions...
CVE-2013-6371
The hash functionality in json-c before 0.12 allows context-dependent attackers to cause a denial of service CPU consumption via crafted JSON data, involving collisions...
Fedora 20 : jansson-2.6-1.fc20 (2014-3778)
Florian Weimer of the Red Hat Product Security Team found that the hashing implementation in Jansson, a library for encoding, decoding and manipulating JSON data, was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause an application using Jansson to use an...
DEBIAN-CVE-2013-6401
Jansson, possibly 2.4 and earlier, does not restrict the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service CPU consumption via a crafted JSON document...
CVE-2013-4758
Double free vulnerability in the writeDataError function in the ElasticSearch plugin omelasticsearch in rsyslog before 7.4.2 and before 7.5.2 devel, when errorfile is set to local logging, allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted...
CVE-2013-4758
Double free vulnerability in the writeDataError function in the ElasticSearch plugin omelasticsearch in rsyslog before 7.4.2 and before 7.5.2 devel, when errorfile is set to local logging, allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted...
rubygem-json: Denial of Service and SQL Injection
The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service resource consumption or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain...
CVE-2013-0269
The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service resource consumption or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain...
CVE-2013-0269
The connected advisories link CVE-2020-10663 to CVE-2013-0269: both describe an Unsafe Object Creation vulnerability in the Ruby json gem (up to 2.2.0) where JSON parsing can create malicious objects in the interpreter. Affected are Ruby environments where the json gem is used (notably Ruby 2.4–2...
CVE-2013-0269
The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service resource consumption or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain...
CVE-2013-0269
The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service resource consumption or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain...
CVE-2013-0269
The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service resource consumption or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain...
CVE-2013-0269 rubygem-json: Denial of Service and SQL Injection
The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service resource consumption or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain...