oss-sec mailing list archives
Re: CVE ID Request: Buffer overflow in ArduinoJson when parsing crafted JSON strings
From: Giancarlo Canales <gcanalesb () me com>
Date: Mon, 15 Jun 2015 21:03:45 -0400
Any update on a possible CVE for this issue?

Thanks,
Giancarlo Canales Barreto

On Jun 10, 2015, at 5:12 PM, Giancarlo Canales <gcanalesb () me com> wrote:

I recently discovered a buffer overflow weakness in the open source ArduinoJson library. Several IoT projects are using this library, and a CVE number would help ensure traceability of the issue abroad. This issue has already been made public, and a fix has been released by the project maintainer.

Title: Buffer overflow in ArduinoJson when parsing crafted JSON strings
Products: ArduinoJson
Affects: All versions prior to v4.5
Type: Buffer overflow
First CVE ID Request: Yes
Link to vulnerable source code or fix: https://github.com/bblanchon/ArduinoJson/commit/5e7b9ec688d79e7b16ec7064e1d37e8481a31e72
Link to source code change log: https://github.com/bblanchon/ArduinoJson/blob/master/CHANGELOG.md
Link to bug entry: https://github.com/bblanchon/ArduinoJson/pull/81

Thanks in advance,
Giancarlo Canales Barreto