CVE-2020-12762

Description

json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.

Risk Information

Base Score: 7.8 (MODERATE)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score (Exploitation Probability): 0.28

Associated Vulnerability

Vulnerability | OS Platform
Multiple Vulnerabilities are affected in IBM MQ 9.1 | Windows
Multiple Vulnerabilities are affected in IBM MQ 9.2 | Windows
JSON manipulation library (USN-4360-1) libjson0_0.11-4ubuntu2.1_i386.deb | Linux
JSON manipulation library (USN-4360-1) libjson0_0.11-4ubuntu2.1_amd64.deb | Linux
JSON manipulation library (USN-4360-1) libjson-c2_0.11-4ubuntu2.1_i386.deb | Linux
JSON manipulation library (USN-4360-1) libjson-c2_0.11-4ubuntu2.1_amd64.deb | Linux
JSON manipulation library (USN-4360-1) libjson-c3_0.12.1-1.3ubuntu0.1_i386.deb | Linux
JSON manipulation library (USN-4360-1) libjson-c3_0.12.1-1.3ubuntu0.1_amd64.deb | Linux
JSON manipulation library (USN-4360-1) libjson-c4_0.13.1+dfsg-4ubuntu0.1_i386.deb | Linux
JSON manipulation library (USN-4360-1) libjson-c4_0.13.1+dfsg-4ubuntu0.1_amd64.deb | Linux
JSON manipulation library (USN-4360-1) libjson-c4_0.13.1+dfsg-7ubuntu0.1_i386.deb | Linux
JSON manipulation library (USN-4360-1) libjson-c4_0.13.1+dfsg-7ubuntu0.1_amd64.deb | Linux
JSON manipulation library (USN-4360-4) libjson0_0.11-4ubuntu2.6_i386.deb | Linux
JSON manipulation library (USN-4360-4) libjson0_0.11-4ubuntu2.6_amd64.deb | Linux
JSON manipulation library (USN-4360-4) libjson-c2_0.11-4ubuntu2.6_i386.deb | Linux
JSON manipulation library (USN-4360-4) libjson-c2_0.11-4ubuntu2.6_amd64.deb | Linux
JSON manipulation library (USN-4360-4) libjson-c3_0.12.1-1.3ubuntu0.3_i386.deb | Linux
JSON manipulation library (USN-4360-4) libjson-c3_0.12.1-1.3ubuntu0.3_amd64.deb | Linux
JSON manipulation library (USN-4360-4) libjson-c4_0.13.1+dfsg-4ubuntu0.3_i386.deb | Linux
JSON manipulation library (USN-4360-4) libjson-c4_0.13.1+dfsg-4ubuntu0.3_amd64.deb | Linux
JSON manipulation library (USN-4360-4) libjson-c4_0.13.1+dfsg-7ubuntu0.3_i386.deb | Linux
JSON manipulation library (USN-4360-4) libjson-c4_0.13.1+dfsg-7ubuntu0.3_amd64.deb | Linux
(RHSA-2021:4382) json-c security and bug fix update json-c-debugsource-0.13.1-2.el8.i686.rpm | Linux
(RHSA-2021:4382) json-c security and bug fix update json-c-debugsource-0.13.1-2.el8.x86_64.rpm | Linux
(RHSA-2021:4382) json-c security and bug fix update json-c-devel-0.13.1-2.el8.i686.rpm | Linux
(RHSA-2021:4382) json-c security and bug fix update json-c-devel-0.13.1-2.el8.x86_64.rpm | Linux
SUSE-SU-2023:2135-1 (Basesystem Module 15-SP4) libfastjson-debugsource-0.99.9-150400.3.3.1.x86_64.rpm | Linux
SUSE-SU-2023:2135-1 (Basesystem Module 15-SP4) libfastjson-devel-0.99.9-150400.3.3.1.x86_64.rpm | Linux
SUSE-SU-2023:2135-1 (Basesystem Module 15-SP4) libfastjson4-0.99.9-150400.3.3.1.x86_64.rpm | Linux
SUSE-SU-2023:2135-1 (Basesystem Module 15-SP4) libfastjson4-debuginfo-0.99.9-150400.3.3.1.x86_64.rpm | Linux
(RHSA-2023:6431) Moderate: security update libfastjson-0.99.9-5.el9.i686.rpm | Linux
(RHSA-2023:6431) Moderate: security update libfastjson-0.99.9-5.el9.x86_64.rpm | Linux
(RHSA-2023:6431) Moderate: security update libfastjson-debuginfo-0.99.9-5.el9.i686.rpm | Linux
(RHSA-2023:6431) Moderate: security update libfastjson-debuginfo-0.99.9-5.el9.x86_64.rpm | Linux
(RHSA-2023:6431) Moderate: security update libfastjson-debugsource-0.99.9-5.el9.i686.rpm | Linux
(RHSA-2023:6431) Moderate: security update libfastjson-debugsource-0.99.9-5.el9.x86_64.rpm | Linux
(RHSA-2023:6976) Moderate: security update libfastjson-0.99.9-2.el8.i686.rpm | Linux
(RHSA-2023:6976) Moderate: security update libfastjson-0.99.9-2.el8.x86_64.rpm | Linux
(RHSA-2023:6976) Moderate: security update libfastjson-debuginfo-0.99.9-2.el8.i686.rpm | Linux
(RHSA-2023:6976) Moderate: security update libfastjson-debuginfo-0.99.9-2.el8.x86_64.rpm | Linux
(RHSA-2023:6976) Moderate: security update libfastjson-debugsource-0.99.9-2.el8.i686.rpm | Linux
(RHSA-2023:6976) Moderate: security update libfastjson-debugsource-0.99.9-2.el8.x86_64.rpm | Linux
Libfastjson update (ELSA-2023-6431) libfastjson-0.99.9-5.el9.i686.rpm | Linux
Libfastjson update (ELSA-2023-6431) libfastjson-0.99.9-5.el9.x86_64.rpm | Linux
Libfastjson update (ELSA-2023-6976) libfastjson-0.99.9-2.el8.i686.rpm | Linux
Libfastjson update (ELSA-2023-6976) libfastjson-0.99.9-2.el8.x86_64.rpm | Linux
SUSE-SU-2022:3001-1 (SUSE Linux Enterprise Server 12-SP5) json-c-debugsource-0.12.1-4.3.1.x86_64.rpm | Linux
SUSE-SU-2022:3001-1 (SUSE Linux Enterprise Server 12-SP5) libjson-c-devel-0.12.1-4.3.1.x86_64.rpm | Linux
SUSE-SU-2022:3001-1 (SUSE Linux Enterprise Server 12-SP5) libjson-c2-0.12.1-4.3.1.x86_64.rpm | Linux
SUSE-SU-2022:3001-1 (SUSE Linux Enterprise Server 12-SP5) libjson-c2-32bit-0.12.1-4.3.1.x86_64.rpm | Linux
SUSE-SU-2022:3001-1 (SUSE Linux Enterprise Server 12-SP5) libjson-c2-debuginfo-0.12.1-4.3.1.x86_64.rpm | Linux
SUSE-SU-2022:3001-1 (SUSE Linux Enterprise Server 12-SP5) libjson-c2-debuginfo-32bit-0.12.1-4.3.1.x86_64.rpm | Linux
(RHSA-2021:4382) json-c security and bug fix update json-c-0.13.1-2.el8.i686.rpm | Linux
(RHSA-2021:4382) json-c security and bug fix update json-c-0.13.1-2.el8.x86_64.rpm | Linux
(RHSA-2021:4382) Moderate: security and bug fix update json-c-debuginfo-0.13.1-2.el8.i686.rpm | Linux
(RHSA-2021:4382) Moderate: security and bug fix update json-c-debuginfo-0.13.1-2.el8.x86_64.rpm | Linux
Json-c update (ELSA-2021-4382) json-c-0.13.1-2.el8.i686.rpm | Linux
Json-c update (ELSA-2021-4382) json-c-0.13.1-2.el8.x86_64.rpm | Linux
Json-c-devel update (ELSA-2021-4382) json-c-devel-0.13.1-2.el8.i686.rpm | Linux
Json-c-devel update (ELSA-2021-4382) json-c-devel-0.13.1-2.el8.x86_64.rpm | Linux
json-c Security Update (ALAS-2020-1442) json-c-0.11-4.amzn2.0.4.i686.rpm | Linux
json-c Security Update (ALAS-2020-1442) json-c-0.11-4.amzn2.0.4.x86_64.rpm | Linux
json-c Security Update (ALAS-2020-1442) json-c-doc-0.11-4.amzn2.0.4.noarch.rpm | Linux
json-c Security Update (ALAS-2020-1442) json-c-devel-0.11-4.amzn2.0.4.x86_64.rpm | Linux
libfastjson Security Update (ALAS-2023-205) libfastjson-0.99.9-1.amzn2023.0.3.x86_64.rpm | Linux
libfastjson Security Update (ALAS-2023-205) libfastjson-devel-0.99.9-1.amzn2023.0.3.x86_64.rpm | Linux
libfastjson Security Update (ALAS-2023-2079) libfastjson-0.99.4-3.amzn2.0.1.i686.rpm | Linux
libfastjson Security Update (ALAS-2023-2079) libfastjson-0.99.4-3.amzn2.0.1.x86_64.rpm | Linux
libfastjson Security Update (ALAS-2023-2079) libfastjson-devel-0.99.4-3.amzn2.0.1.x86_64.rpm | Linux
json-c Security Update (ALAS-2023-232) json-c-0.14-8.amzn2023.0.2.x86_64.rpm | Linux
json-c Security Update (ALAS-2023-232) json-c-doc-0.14-8.amzn2023.0.2.noarch.rpm | Linux
json-c Security Update (ALAS-2023-232) json-c-devel-0.14-8.amzn2023.0.2.x86_64.rpm | Linux
Moderate: libfastjson security update libfastjson-0.99.9-5.el9.i686.rpm | Linux
Moderate: libfastjson security update libfastjson-0.99.9-5.el9.x86_64.rpm | Linux
Moderate: libfastjson security update libfastjson-0.99.9-2.el8.i686.rpm | Linux
Moderate: libfastjson security update libfastjson-0.99.9-2.el8.x86_64.rpm | Linux
libfastjson Security Update (ALAS2-2023-2079) libfastjson-0.99.4-3.amzn2.0.1.x86_64.rpm | Linux
libfastjson Security Update (ALAS2-2023-2079) libfastjson-0.99.4-3.amzn2.0.1.i686.rpm | Linux
libfastjson Security Update (ALAS2-2023-2079) libfastjson-devel-0.99.4-3.amzn2.0.1.x86_64.rpm | Linux
libfastjson Security Update (ALAS2023-2023-205) libfastjson-0.99.9-1.amzn2023.0.3.x86_64.rpm | Linux
libfastjson Security Update (ALAS2023-2023-205) libfastjson-devel-0.99.9-1.amzn2023.0.3.x86_64.rpm | Linux
json-c Security Update (ALAS2023-2023-232) json-c-0.14-8.amzn2023.0.2.x86_64.rpm | Linux
json-c Security Update (ALAS2023-2023-232) json-c-devel-0.14-8.amzn2023.0.2.x86_64.rpm | Linux
json-c Security Update (ALAS2023-2023-232) json-c-doc-0.14-8.amzn2023.0.2.noarch.rpm | Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234