91 matches found
Security Bulletin: IBM DataPower Gateway vulnerable to a denial of service due to Jansson
Summary: IBM DataPower Gateway uses Jansson as part of the On Demand Router (ODR) component. Vulnerability Details: CVEID: CVE-2013-6401. DESCRIPTION: Jansson, possibly 2.4 and earlier, does not restrict the ability to trigger hash collisions predictably, which allows context-dependent attackers to caus...
EUVD-2013-6222
Malware in sbrugna...
EUVD-2016-5424
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2020-36325
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Jansson through 2.13.1. Due to a parsing error in json_loads, there's an out-of-bounds read-access bug. NOTE: the vendor reports that...
ROOT-OS-DEBIAN-12-CVE-2020-36325 CVE-2020-36325 in rootio-jansson - Patched by Root
Root has patched CVE-2020-36325 in the rootio-jansson package for Root:Debian:12. Multiple fixed versions available...
Linux Distros Unpatched Vulnerability : CVE-2016-4425
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Jansson 2.7 and earlier allows context-dependent attackers to cause a denial of service (deep recursion, stack consumption, and crash) via crafted JSON data...
CVE-2020-36325 affecting package jansson 2.11-3
CVE-2020-36325 affecting package jansson 2.11-3. No patch is available currently...
janssonpartner.se Cross Site Scripting vulnerability OBB-3789371
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Debian: Security Advisory (DLA-471-1)
The remote host is missing an update for the Debian...
SUSE CVE-2013-6401
Jansson, possibly 2.4 and earlier, does not restrict the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted JSON document...
SUSE CVE-2016-4425
Jansson 2.7 and earlier allows context-dependent attackers to cause a denial of service (deep recursion, stack consumption, and crash) via crafted JSON data...
new packages: jansson
An update is available for jansson. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Linux 9.0...
jansson bug fix and enhancement update
An update is available for jansson. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Linux 8.6...
ALBA-2022:2061 jansson bug fix and enhancement update
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...
CVE-2020-36325 affecting package jansson for versions less than 2.14-1
CVE-2020-36325 affecting package jansson for versions less than 2.14-1. An upgraded version of the package is available that resolves this issue...
Mageia: Security Advisory (MGASA-2016-0198)
The remote host is missing an update for the...
An issue was discovered in Jansson through 2.13.1. Due to a parsing error in json_loads, there's an out-of-bounds read-access bug. NOTE: the vendor reports that this only occurs when a programmer fails to follow the API specification...
CVE-2020-36325
A flaw was found in jansson. An out-of-bounds read-access bug is possible due to a parsing error in json_loads. The highest threat from this vulnerability is to system availability...
Jansson Out-of-Bounds Memory Read Vulnerability
Jansson is a C library for encoding, decoding and manipulating JSON data. An out-of-bounds memory read vulnerability exists in Jansson 2.13.1 and earlier versions. The vulnerability stems from a parsing error in json_loads. No details of the vulnerability are provided at this time...
ALPINE-CVE-2020-36325
An issue was discovered in Jansson through 2.13.1. Due to a parsing error in json_loads, there's an out-of-bounds read-access bug. NOTE: the vendor reports that this only occurs when a programmer fails to follow the API specification...