Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 09 Apr 2014 12:07:44 +0530
From: Huzaifa Sidhpurwala <huzaifas@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Two security flaws with json-c

Hi All,

Florian Weimer of the Red Hat Product Security Team discovered two flaws
in json-c, details as follows:

1.  CVE-2013-6371 json-c: hash collision DoS

The hash function in the json-c library was weak, and that parsing
smallish JSON strings showed quadratic timing behaviour.  This could
cause an application linked to the json-c library, and that processes
some specially-crafted JSON data, to use excessive amounts of CPU.

Reference:
https://bugzilla.redhat.com/show_bug.cgi?id=1032311

2. CVE-2013-6370 json-c: buffer overflow if size_t is larger than int

The printbuf APIs used in the json-c library used ints for counting
buffer lengths, which is inappropriate for 32bit architectures.  These
functions need to be changed to using size_t if possible for sizes, or
to be hardened against negative values if not.  This could be used to
cause a denial of service in an application linked to the json-c library.

Reference:
https://bugzilla.redhat.com/show_bug.cgi?id=1032322


Both these issues are fixed via the following upstream commit:
https://github.com/json-c/json-c/commit/64e36901a0614bf64a19bc3396469c66dcd0b015



-- 
Huzaifa Sidhpurwala / Red Hat Security Response Team

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ