Bug#960326: json-c: CVE-2020-12762

To: 960326@bugs.debian.org
Subject: Bug#960326: json-c: CVE-2020-12762
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 15 May 2020 22:19:42 +0200
Message-id: <[🔎] 20200515201942.GA2020932@eldamar.local>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 960326@bugs.debian.org
In-reply-to: <[🔎] 158922691202.1456848.14032900298008797019.reportbug@eldamar.local>
References: <[🔎] 158922691202.1456848.14032900298008797019.reportbug@eldamar.local> <[🔎] 158922691202.1456848.14032900298008797019.reportbug@eldamar.local>

Hi,

On Mon, May 11, 2020 at 09:55:12PM +0200, Salvatore Bonaccorso wrote:
> Source: json-c
> Version: 0.13.1+dfsg-7
> Severity: important
> Tags: security upstream
> Forwarded: https://github.com/json-c/json-c/pull/592
> 
> Hi,
> 
> The following vulnerability was published for json-c.
> 
> CVE-2020-12762[0]:
> | json-c through 0.14 has an integer overflow and out-of-bounds write
> | via a large JSON file, as demonstrated by printbuf_memappend.

The upstream fix introduces a regression, see in particular
https://github.com/json-c/json-c/issues/599 .

FWIW, Ubuntu has as well reverted the fix, pending further
investigation as per https://usn.ubuntu.com/4360-2/ 

Regards,
Salvatore

Reply to:

Follow-Ups:
- Bug#960326: json-c: CVE-2020-12762
  - From: Salvatore Bonaccorso <carnil@debian.org>

References:
- Bug#960326: json-c: CVE-2020-12762
  - From: Salvatore Bonaccorso <carnil@debian.org>

Prev by Date: ngetty_1.1-5_source.changes ACCEPTED into unstable
Next by Date: pwget_2016.1019+git75c6e3e-3_source.changes ACCEPTED into unstable
Previous by thread: Bug#960326: json-c: CVE-2020-12762
Next by thread: Bug#960326: json-c: CVE-2020-12762
Index(es):
- Date
- Thread