Описание
json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.
A flaw was found in json-c. In printbuf_memappend, certain crafted values can overflow the memory allowing an attacker to write past the memory boundary. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Отчет
This is essentially a integer overflow in the 'size' variable caused by large data input. In most systems its a signed integer overflow and results in out of bounds buffer write on the heap. However the impact is greatly reduced because such an attack is only possible if the application compiled with json-c is designed to accept untrusted large json files. Also the attack vector in this case as considered as local in most practical cases.
Меры по смягчению последствий
Since this flaw is triggered by untrusted large json files. If any applications linked against json-c is used ensure that the application does not accept large json files. (or untrusted ones wherever possible)
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | json-c | Will not fix | ||
| Red Hat Enterprise Linux 7 | json-c | Will not fix | ||
| Red Hat Enterprise Linux 9 | json-c | Not affected | ||
| Red Hat Enterprise Linux 8 | json-c | Fixed | RHSA-2021:4382 | 09.11.2021 |
| Red Hat Enterprise Linux 8 | libfastjson | Fixed | RHSA-2023:6976 | 14.11.2023 |
| Red Hat Enterprise Linux 8 | json-c | Fixed | RHSA-2021:4382 | 09.11.2021 |
| Red Hat Enterprise Linux 8.6 Extended Update Support | libfastjson | Fixed | RHSA-2024:0411 | 25.01.2024 |
| Red Hat Enterprise Linux 8.8 Extended Update Support | libfastjson | Fixed | RHSA-2024:0573 | 30.01.2024 |
| Red Hat Enterprise Linux 9 | libfastjson | Fixed | RHSA-2023:6431 | 07.11.2023 |
| Red Hat Enterprise Linux 9.0 Extended Update Support | libfastjson | Fixed | RHSA-2024:1154 | 05.03.2024 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.8 High
CVSS3
Связанные уязвимости
json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.
json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.
json-c through 0.14 has an integer overflow and out-of-bounds write vi ...
EPSS
7.8 High
CVSS3