CVE-2016-4425 — Improper Input Validation in Jansson

CWE-20 — Improper Input Validation CWE-674 — Uncontrolled Recursion CWE-400 — Uncontrolled Resource Consumption8 documents6 sources

Severity

6.5MEDIUMNVD

EPSS

1.0%

top 22.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jansson Project Jansson Debian Jansson

Timeline

PublishedMay 17

Latest updateMay 17

Description

Jansson 2.7 and earlier allows context-dependent attackers to cause a denial of service (deep recursion, stack consumption, and crash) via crafted JSON data.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶debiandebian/jansson< jansson 2.7-5 (bookworm)

▶Debianjansson_project/jansson< 2.7-5+3

▶NVDjansson_project/jansson2.7

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-rf62-m3fm-w623: Jansson 2↗2022-05-17

▶

OSV

CVE-2016-4425: Jansson 2↗2016-05-17

▶

📋Vendor Advisories

Red Hat

jansson: stack exhaustion parsing a JSON file↗2016-05-01

▶

Debian

CVE-2016-4425: jansson - Jansson 2.7 and earlier allows context-dependent attackers to cause a denial of ...↗2016

▶

💬Community

Bugzilla

CVE-2016-4425 jansson: stack exhaustion parsing a JSON file↗2016-05-02

▶

Bugzilla

CVE-2016-4425 jansson: stack exhaustion parsing a JSON file [fedora-all]↗2016-05-02

▶

Bugzilla

CVE-2016-4425 jansson: stack exhaustion parsing a JSON file [epel-6]↗2016-05-02

▶