Red Hat Security Advisory 2021-4382-02 - JSON-C implements a reference counting object model that allows users to easily construct JavaScript Object Notation objects in C, output them as JSON formatted strings, and parse JSON formatted strings back into the C representation of JSON objects. Issues addressed include integer overflow and out of bounds write vulnerabilities.
742e73722d780cca4ec16e03133ef756fdac574fb815fad4b6594adab6bf6a27
Debian Linux Security Advisory 4741-1 - Tobias Stoeckmann discovered an integer overflow in the json-c JSON library, which could result in denial of service or potentially the execution of arbitrary code if large malformed JSON files are processed.
a624d5ab564c8fd412469da7a39fbfdbbb94b00bafbaef4eeaf9161434f5d3b9
Gentoo Linux Security Advisory 202006-13 - Multiple vulnerabilities have been found in json-c, the worst of which could result in a Denial of Service condition. Versions less than 0.14-r3 are affected.
2d8a86b8fefdac05b90ebe6e85d8e1402912572c5fa9627a3cda991a1a1da182
Ubuntu Security Notice 4360-4 - USN-4360-1 fixed a vulnerability in json-c. The security fix introduced a memory leak that was reverted in USN-4360-2 and USN-4360-3. This update provides the correct fix for CVE-2020-12762. It was discovered that json-c incorrectly handled certain JSON files. An attacker could possibly use this issue to execute arbitrary code. Various other issues were also addressed.
2807edeea9a8f95f742e907a1f8ca749a089935a9eb6c21362d40e5c85bc3305
Ubuntu Security Notice 4360-1 - It was discovered that json-c incorrectly handled certain JSON files. An attacker could possibly use this issue to execute arbitrary code.
6ef34fc2a01ad9875697fa9767423e9d76c648b0eae0357fd47a3109b9968d79