Date: Mon, 15 Jun 2015 21:03:45 -0400
From: Giancarlo Canales <gcanalesb@...com>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: Re: CVE ID Request: Buffer overflow in ArduinoJson when parsing
 crafted JSON strings

Any update on a possible CVE for this issue?

Thanks,


Giancarlo Canales Barreto

> On Jun 10, 2015, at 5:12 PM, Giancarlo Canales <gcanalesb@...com> wrote:
> 
> I recently discovered a buffer overflow weakness in the open source ArduinoJson library.
> Several IoT projects are using this library, and a CVE number would help ensure traceability of the issue abroad.
> 
> This issue has already been made public, and a fix has been released by the project maintainer.
> 
> Title: Buffer overflow in ArduinoJson when parsing crafted JSON strings
> Products: ArduinoJson
> Affects: All versions prior to v4.5
> Type: Buffer overflow
> First CVE ID Request: Yes
> 
> Link to vulnerable source code or fix:
> https://github.com/bblanchon/ArduinoJson/commit/5e7b9ec688d79e7b16ec7064e1d37e8481a31e72
> 
> Link to source code change log:
> https://github.com/bblanchon/ArduinoJson/blob/master/CHANGELOG.md
> 
> Link to bug entry:
> https://github.com/bblanchon/ArduinoJson/pull/81
> 
> Thanks in advance,
> 
> 
> Giancarlo Canales Barreto

