Date: Mon, 15 Jun 2015 21:03:45 -0400
From: Giancarlo Canales <gcanalesb@...com>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: Re: CVE ID Request: Buffer overflow in ArduinoJson when parsing crafted JSON strings

Any update on a possible CVE for this issue?

Thanks,
Giancarlo Canales Barreto

> On Jun 10, 2015, at 5:12 PM, Giancarlo Canales <gcanalesb@...com> wrote:
>
> I recently discovered a buffer overflow weakness in the open source ArduinoJson library.
> Several IoT projects are using this library, and a CVE number would help ensure traceability of the issue abroad.
>
> This issue has already been made public, and a fix has been released by the project maintainer.
>
> Title: Buffer overflow in ArduinoJson when parsing crafted JSON strings
> Products: ArduinoJson
> Affects: All versions prior to v4.5
> Type: Buffer overflow
> First CVE ID Request: Yes
>
> Link to vulnerable source code or fix:
> https://github.com/bblanchon/ArduinoJson/commit/5e7b9ec688d79e7b16ec7064e1d37e8481a31e72
>
> Link to source code change log:
> https://github.com/bblanchon/ArduinoJson/blob/master/CHANGELOG.md
>
> Link to bug entry:
> https://github.com/bblanchon/ArduinoJson/pull/81
>
> Thanks in advance,
>
> Giancarlo Canales Barreto