Mandriva Linux Security Advisory 2015-102 - Florian Weimer reported that the printbuf APIs used in the json-c library used ints for counting buffer lengths, which is inappropriate for 32bit architectures. These functions need to be changed to using size_t if possible for sizes, or to be hardened against negative values if not. This could be used to cause a denial of service in an application linked to the json-c library. Florian Weimer reported that the hash function in the json-c library was weak, and that parsing smallish JSON strings showed quadratic timing behaviour. This could cause an application linked to the json-c library, and that processes some specially-crafted JSON data, to use excessive amounts of CPU.
53220f408dd775184b66dbae8a641480a35b07f26f6e64a9d1156a34f96373cb
Ubuntu Security Notice 2245-1 - Florian Weimer discovered that json-c incorrectly handled buffer lengths. An attacker could use this issue with a specially-crafted large JSON document to cause json-c to crash, resulting in a denial of service. Florian Weimer discovered that json-c incorrectly handled hash arrays. An attacker could use this issue with a specially-crafted JSON document to cause json-c to consume CPU resources, resulting in a denial of service. Various other issues were also addressed.
a57ea49884c6cf0f8ea45672c161cc7b8c6f2ed0c6eee532aa167162dcba60d9
Red Hat Security Advisory 2014-0703-01 - JSON-C implements a reference counting object model that allows you to easily construct JSON objects in C, output them as JSON-formatted strings, and parse JSON-formatted strings back into the C representation of JSON objects. Multiple buffer overflow flaws were found in the way the json-c library handled long strings in JSON documents. An attacker able to make an application using json-c parse excessively large JSON input could cause the application to crash. A denial of service flaw was found in the implementation of hash arrays in json-c. An attacker could use this flaw to make an application using json-c consume an excessive amount of CPU time by providing a specially crafted JSON document that triggers multiple hash function collisions. To mitigate this issue, json-c now uses a different hash function and randomization to reduce the chance of an attacker successfully causing intentional collisions.
ec0b06a0535e8df27753e5181c0e7d8cade9fc689caf95d4a775564fb8104dc4
Mandriva Linux Security Advisory 2014-079 - Florian Weimer reported that the printbuf APIs used in the json-c library used ints for counting buffer lengths, which is inappropriate for 32bit architectures. These functions need to be changed to using size_t if possible for sizes, or to be hardened against negative values if not. This could be used to cause a denial of service in an application linked to the json-c library. Florian Weimer reported that the hash function in the json-c library was weak, and that parsing smallish JSON strings showed quadratic timing behaviour. This could cause an application linked to the json-c library, and that processes some specially-crafted JSON data, to use excessive amounts of CPU.
283252a26796384c39dbaf9c5eebd109cce41ade7c0422b68ccb6e4ff62aa236