Date: Mon, 15 Jun 2015 21:03:45 -0400
From: Giancarlo Canales <gcanalesb@...com>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: Re: CVE ID Request: Buffer overflow in ArduinoJson when parsing crafted JSON strings

Any update on a possible CVE for this issue?

Thanks,
Giancarlo Canales Barreto

> On Jun 10, 2015, at 5:12 PM, Giancarlo Canales <gcanalesb@...com> wrote:
>
> I recently discovered a buffer overflow weakness in the open source ArduinoJson library.
> Several IoT projects are using this library, and a CVE number would help ensure traceability of the issue abroad.
>
> This issue has already been made public, and a fix has been released by the project maintainer.
>
> Title: Buffer overflow in ArduinoJson when parsing crafted JSON strings
> Products: ArduinoJson
> Affects: All versions prior to v4.5
> Type: Buffer overflow
> First CVE ID Request: Yes
>
> Link to vulnerable source code or fix:
> https://github.com/bblanchon/ArduinoJson/commit/5e7b9ec688d79e7b16ec7064e1d37e8481a31e72
>
> Link to source code change log:
> https://github.com/bblanchon/ArduinoJson/blob/master/CHANGELOG.md
>
> Link to bug entry:
> https://github.com/bblanchon/ArduinoJson/pull/81
>
> Thanks in advance,
>
>
> Giancarlo Canales Barreto

Download attachment "signature.asc" of type "application/pgp-signature" (843 bytes)