system/json-c: CVE-2020-12762: printbuf_memappend integer overflow / OOB write
Bugzilla ID | 286 |
Alias(es) | CVE-2020-12762 |
Reporter | Max Rees (sroracle) |
Assignee | Max Rees (sroracle) |
Reported | 2020-05-15 16:34:50 -0500 |
Modified | 2020-10-30 22:33:02 -0500 |
Status | RESOLVED FIXED |
Version | 1.0-RC1 |
Hardware | Adélie Linux / All |
Importance | --- / normal |
Package(s) | system/json-c |
URL | https://nvd.nist.gov/vuln/detail/CVE-2020-12762 |
Description
json-c through 0.14 has an integer overflow and out-of-bounds write
via a large JSON file, as demonstrated by printbuf_memappend.
Unreleased fixes:
https://github.com/json-c/json-c/pull/592
https://github.com/json-c/json-c/commit/519dfe1591d85432986f9762d41d1a883198c157
https://github.com/json-c/json-c/commit/a59d5acfab4485d5133114df61785b1fc633e0c6
https://github.com/json-c/json-c/pull/610
Backports:
https://github.com/json-c/json-c/pull/608