CVE-2020-12762

Опубликовано: 09 мая 2020

Источник: nvd

CVSS3: 7.8

CVSS2: 6.8

EPSS Низкий

Описание

json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.

Ссылки

https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
Third Party Advisory
https://github.com/json-c/json-c/pull/592
Exploit
Patch
Third Party Advisory
https://github.com/rsyslog/libfastjson/issues/161
Exploit
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/05/msg00032.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/05/msg00034.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/07/msg00031.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/06/msg00023.html
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CBR36IXYBHITAZFB5PFBJTED22WO5ONB/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CQQRRGBQCAWNCCJ2HN3W5SSCZ4QGMXQI/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W226TSCJBEOXDUFVKNWNH7ETG7AR6MCS/
https://security.gentoo.org/glsa/202006-13
Third Party Advisory
https://security.netapp.com/advisory/ntap-20210521-0001/
Third Party Advisory
https://usn.ubuntu.com/4360-1/
Third Party Advisory
https://usn.ubuntu.com/4360-4/
Third Party Advisory
https://www.debian.org/security/2020/dsa-4741
Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
Third Party Advisory
https://github.com/json-c/json-c/pull/592
Exploit
Patch
Third Party Advisory
https://github.com/rsyslog/libfastjson/issues/161
Exploit
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/05/msg00032.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/05/msg00034.html
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:json-c:json-c:*:*:*:*:*:*:*:*

Версия до 0.15-20200726 (исключая)

Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Конфигурация 4

Одно из

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*

Конфигурация 5

Одно из

cpe:2.3:a:siemens:sinec_ins:-:*:*:*:*:*:*:*

cpe:2.3:a:siemens:sinec_ins:1.0:-:*:*:*:*:*:*

cpe:2.3:a:siemens:sinec_ins:1.0:sp1:*:*:*:*:*:*

EPSS

Процентиль: 39%

0.0017

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-190

CWE-787

Связанные уязвимости

CVE-2020-12762

CVSS3: 7.8

ubuntu

больше 5 лет назад

json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.

CVE-2020-12762

CVSS3: 7.8

redhat

больше 5 лет назад

json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.

CVE-2020-12762

CVSS3: 7.8

msrc

около 5 лет назад

Описание отсутствует

CVE-2020-12762

CVSS3: 7.8

debian

больше 5 лет назад

json-c through 0.14 has an integer overflow and out-of-bounds write vi ...

openSUSE-SU-2022:0184-2

suse-cvrf

больше 3 лет назад

Security update for json-c

EPSS

Процентиль: 39%

0.0017

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-190

CWE-787