Date: Tue, 3 May 2016 15:42:27 +0200 From: Gustavo Grieco <gustavo.grieco@...il.com> To: cve-assign@...re.org Cc: oss-security@...ts.openwall.com Subject: Re: CVE Request: Jansson: stack exhaustion parsing a JSON file 2016-05-02 14:46 GMT+02:00 <cve-assign@...re.org>: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > > https://github.com/akheron/jansson/issues/282 > > > It takes a less than 100kb json file to crash the library, which is > > bad if you are receiving untrusted inputs. > > >> https://github.com/akheron/jansson/blob/master/README.rst > >> Jansson is a C library for encoding, decoding and manipulating JSON > data. > > Use CVE-2016-4425. > It was fixed here: https://github.com/akheron/jansson/pull/284
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ