CVE-2013-6371 — Json-c vulnerability

CWE-31010 documents7 sources

Severity

5.0MEDIUMNVD

EPSS

0.4%

top 40.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Json-c Debian Json-c Fedoraproject Fedora

Timeline

PublishedApr 22

Latest updateMay 17

Description

The hash functionality in json-c before 0.12 allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted JSON data, involving collisions.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages4 packages

▶NVDjson-c/json-c< 0.12-20140410

▶debiandebian/json-c< json-c 0.11-4 (bookworm)

▶Debianjson-c/json-c< 0.11-4+3

▶Ubuntujson-c/json-c< 0.11-3ubuntu1.2

Also affects: Fedora 20

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-qmhf-38fc-rg36: The hash functionality in json-c before 0↗2022-05-17

▶

OSV

json-c vulnerabilities↗2014-06-12

▶

OSV

CVE-2013-6371: The hash functionality in json-c before 0↗2014-04-22

▶

📋Vendor Advisories

Ubuntu

json-c vulnerabilities↗2014-06-12

▶

Red Hat

json-c: hash collision DoS↗2014-04-09

▶

Debian

CVE-2013-6371: json-c - The hash functionality in json-c before 0.12 allows context-dependent attackers ...↗2013

▶

💬Community

Bugzilla

CVE-2013-6371 CVE-2013-6370 json-c: various flaws [epel-all]↗2014-04-09

▶

Bugzilla

CVE-2013-6371 CVE-2013-6370 json-c: various flaws [fedora-all]↗2014-04-09

▶

Bugzilla

CVE-2013-6371 json-c: hash collision DoS↗2013-11-20

▶