Date: Wed, 10 Jun 2015 17:12:09 -0400
From: Giancarlo Canales <gcanalesb@...com>
To: oss-security@...ts.openwall.com
Subject: CVE ID Request: Buffer overflow in ArduinoJson when parsing crafted JSON strings

I recently discovered a buffer overflow weakness in the open source ArduinoJson library. Several IoT projects are using this library, and a CVE number would help ensure traceability of the issue abroad. This issue has already been made public, and a fix has been released by the project maintainer.

Title: Buffer overflow in ArduinoJson when parsing crafted JSON strings
Products: ArduinoJson
Affects: All versions prior to v4.5
Type: Buffer overflow
First CVE ID Request: Yes
Link to vulnerable source code or fix: https://github.com/bblanchon/ArduinoJson/commit/5e7b9ec688d79e7b16ec7064e1d37e8481a31e72
Link to source code change log: https://github.com/bblanchon/ArduinoJson/blob/master/CHANGELOG.md
Link to bug entry: https://github.com/bblanchon/ArduinoJson/pull/81

Thanks in advance,
Giancarlo Canales Barreto

Download attachment "signature.asc" of type "application/pgp-signature" (843 bytes)