CVE-2020-12762
Published 2020-05-09
CVE-2020-12762: json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.
High 7.8 (CVSS 3.1)
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected
30 ranges, showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | json-c | < json-c 0.13.1+dfsg-8 (bookworm) | json-c 0.13.1+dfsg-8 (bookworm) |
| debian | libfastjson | < json-c 0.13.1+dfsg-8 (bookworm) | json-c 0.13.1+dfsg-8 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| json-c | json-c | < 0.15-20200726 | 0.15-20200726 |
| json-c | json-c | >= 0 < 0.13.1+dfsg-8 | 0.13.1+dfsg-8 |
| json-c | json-c | >= 0 < 0.13.1+dfsg-8 | 0.13.1+dfsg-8 |
| json-c | json-c | >= 0 < 0.13.1+dfsg-8 | 0.13.1+dfsg-8 |
| json-c | json-c | >= 0 < 0.13.1+dfsg-8 | 0.13.1+dfsg-8 |
| json-c | json-c | >= 0 < 0.11-4ubuntu2.6 | 0.11-4ubuntu2.6 |
| json-c | json-c | >= 0 < 0.12.1-1.3ubuntu0.3 | 0.12.1-1.3ubuntu0.3 |
| json-c | json-c | >= 0 < 0.13.1+dfsg-7ubuntu0.3 | 0.13.1+dfsg-7ubuntu0.3 |
| json-c | json-c | >= 0 < 0.11-3ubuntu1.2+esm3 | 0.11-3ubuntu1.2+esm3 |
| msrc | cbl2_json-c_0.15-2_on_cbl_mariner_2.0 | — | — |
| msrc | cbl_mariner_1.0_arm | — | — |
CVSS provenance
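| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| osv | — | 7.8 | HIGH | — |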