system/json-c: CVE-2020-12762: printbuf_memappend integer overflow / OOB write
| Bugzilla ID | 286 |
| Alias(es) | CVE-2020-12762 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-05-15 16:34:50 -0500 |
| Modified | 2020-10-30 22:33:02 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | system/json-c |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2020-12762 |
Description
json-c through 0.14 has an integer overflow and out-of-bounds write
via a large JSON file, as demonstrated by printbuf_memappend.
Unreleased fixes:
https://github.com/json-c/json-c/pull/592
https://github.com/json-c/json-c/commit/519dfe1591d85432986f9762d41d1a883198c157
https://github.com/json-c/json-c/commit/a59d5acfab4485d5133114df61785b1fc633e0c6
https://github.com/json-c/json-c/pull/610
Backports:
https://github.com/json-c/json-c/pull/608