CVE-2020-36325

Published: 26 April 2021

** DISPUTED ** An issue was discovered in Jansson through 2.13.1. Due to a parsing error in json_loads, there's an out-of-bounds read-access bug. NOTE: the vendor reports that this only occurs when a programmer fails to follow the API specification.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
jansson
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Not vulnerable

Ubuntu 20.10 (Groovy Gorilla) Not vulnerable

Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable

Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable

Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Notes

AuthorNote
mdeslaur
this was an issue in the fuzzer code, not in the library itself
https://github.com/akheron/jansson/issues/548#issuecomment-828007511
disputed by upstream, marking as not-affected

References