Debian Json-C vulnerabilities

4 known vulnerabilities affecting debian/json-c.

Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1, MEDIUM 2

Vulnerabilities

CVE-2021-32292, CRITICAL, CVSS 9.8, fixed in json-c 0.16-1 (bookworm), 2021
An issue was discovered in json-c from 20200420 (post 0.14 unreleased code) through 0.15-20200726. A stack-buffer-overflow exists in the auxiliary sample program json_parse which is located in the function parseit.
Scope: local
bookworm: resolved (fixed in 0.16-1)
bullseye: resolved (fixed in 0.15-2+deb11u1)
forky: resolved (fixed in 0.16-1)
sid: resolved (fixed

CVE-2020-12762, HIGH, CVSS 7.8, fixed in json-c 0.13.1+dfsg-8 (bookworm), 2020
json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.
Scope: local
bookworm: resolved (fixed in 0.13.1+dfsg-8)
bullseye: resolved (fixed in 0.13.1+dfsg-8)
forky: resolved (fixed in 0.13.1+dfsg-8)
sid: resolved (fixed in 0.13.1+dfsg-8)
trixie: resolved (fixed in 0.13.1+dfsg-8)

CVE-2013-6371, MEDIUM, CVSS 5.0, fixed in json-c 0.11-4 (bookworm), 2013
The hash functionality in json-c before 0.12 allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted JSON data, involving collisions.
Scope: local
bookworm: resolved (fixed in 0.11-4)
bullseye: resolved (fixed in 0.11-4)
forky: resolved (fixed in 0.11-4)
sid: resolved (fixed in 0.11-4)
trixie: resolved (fixed in 0.11-4)

CVE-2013-6370, MEDIUM, CVSS 5.0, fixed in json-c 0.11-4 (bookworm), 2013
Buffer overflow in the printbuf APIs in json-c before 0.12 allows remote attackers to cause a denial of service via unspecified vectors.
Scope: local
bookworm: resolved (fixed in 0.11-4)
bullseye: resolved (fixed in 0.11-4)
forky: resolved (fixed in 0.11-4)
sid: resolved (fixed in 0.11-4)
trixie: resolved (fixed in 0.11-4)