CVE-2013-6401 — Jansson vulnerability

CWE-3108 documents6 sources

Severity

5.0MEDIUMNVD

EPSS

0.3%

top 43.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jansson Project Jansson Debian Jansson

Timeline

PublishedMar 21

Latest updateMay 17

Description

Jansson, possibly 2.4 and earlier, does not restrict the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted JSON document.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/jansson< jansson 2.6-1 (bookworm)

▶Debianjansson_project/jansson< 2.6-1+3

▶NVDjansson_project/jansson2.4+7

🔴Vulnerability Details

GHSA

GHSA-qjq9-rwgx-jjhc: Jansson, possibly 2↗2022-05-17

▶

OSV

CVE-2013-6401: Jansson, possibly 2↗2014-03-21

▶

📋Vendor Advisories

Red Hat

jansson: hash table collisions CPU usage DoS↗2014-02-12

▶

Debian

CVE-2013-6401: jansson - Jansson, possibly 2.4 and earlier, does not restrict the ability to trigger hash...↗2013

▶

💬Community

Bugzilla

CVE-2013-6401 jansson: hash table collisions CPU usage DoS [fedora-all]↗2014-02-11

▶

Bugzilla

CVE-2013-6401 jansson: hash table collisions CPU usage DoS [epel-6]↗2014-02-11

▶

Bugzilla

CVE-2013-6401 jansson: hash table collisions CPU usage DoS↗2013-11-28

▶