Date: Mon,  2 May 2016 08:46:47 -0400 (EDT)
From: cve-assign@...re.org
To: gustavo.grieco@...il.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE Request: Jansson: stack exhaustion parsing a JSON file

> https://github.com/akheron/jansson/issues/282

> It takes a less than 100kb json file to crash the library, which is
> bad if you are receiving untrusted inputs.

>> https://github.com/akheron/jansson/blob/master/README.rst
>> Jansson is a C library for encoding, decoding and manipulating JSON data.

Use CVE-2016-4425.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]