CVE-2020-12762
Published: 9 May 2020
json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.
Notes
| Author | Note |
|---|---|
| mdeslaur | USN-4360-1 introduced a regression and the problematic fix was backed out in USN-4360-2 and USN-4360-3 pending further investigation. |
Priority
Medium
CVSS 3 base score: 7.8
Status
| Package | Release | Status |
|---|---|---|
|
json-c Launchpad, Ubuntu, Debian |
bionic |
Released
(0.12.1-1.3ubuntu0.3)
|
| eoan |
Released
(0.13.1+dfsg-4ubuntu0.3)
|
|
| focal |
Released
(0.13.1+dfsg-7ubuntu0.3)
|
|
| precise |
Released
(0.9-1ubuntu1.4)
|
|
| trusty |
Released
(0.11-3ubuntu1.2+esm3)
|
|
| upstream |
Needs triage
|
|
| xenial |
Released
(0.11-4ubuntu2.6)
|
|
|
Patches: upstream: https://github.com/json-c/json-c/pull/592/commits/099016b7e8d70a6d5dd814e788bba08d33d48426 upstream: https://github.com/json-c/json-c/pull/592/commits/77d935b7ae7871a1940cd827e850e6063044ec45 upstream: https://github.com/json-c/json-c/pull/592/commits/d07b91014986900a3a75f306d302e13e005e9d67 upstream: https://github.com/besser82/json-c/commit/7a4807fe0cdb1d9e20273c79762cbf54833aaae4 (regression fix) |
||