CVE-2020-12762

Опубликовано: 09 мая 2020

Источник: debian

EPSS Низкий

Описание

json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.

Пакет	Статус	Версия исправления	Релиз	Тип
json-c	fixed	0.13.1+dfsg-8		package
libfastjson	fixed	1.2304.0-1		package
libfastjson	no-dsa		bullseye	package

https://github.com/json-c/json-c/pull/592
https://github.com/json-c/json-c/commit/099016b7e8d70a6d5dd814e788bba08d33d48426
https://github.com/json-c/json-c/commit/77d935b7ae7871a1940cd827e850e6063044ec45
https://github.com/json-c/json-c/commit/d07b91014986900a3a75f306d302e13e005e9d67
https://github.com/json-c/json-c/commit/519dfe1591d85432986f9762d41d1a883198c157
https://github.com/json-c/json-c/commit/a59d5acfab4485d5133114df61785b1fc633e0c6
d07b91014986 ("Fix integer overflows.") introduces a regression tracked as:
https://github.com/json-c/json-c/issues/599
https://github.com/json-c/json-c/pull/610
Working backports for older branches: https://github.com/json-c/json-c/pull/608
https://github.com/rsyslog/libfastjson/issues/161

EPSS

Процентиль: 39%

0.0017

Низкий

CVE-2020-12762

CVSS3: 7.8

ubuntu

больше 5 лет назад

json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.

CVE-2020-12762

CVSS3: 7.8

redhat

больше 5 лет назад

json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.

CVE-2020-12762

CVSS3: 7.8

nvd

больше 5 лет назад

json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.

CVE-2020-12762

CVSS3: 7.8

msrc

около 5 лет назад

Описание отсутствует

openSUSE-SU-2022:0184-2

suse-cvrf

больше 3 лет назад

Security update for json-c

EPSS

Процентиль: 39%

0.0017

Низкий