oss-sec mailing list archives
Re: CVE ID Request: Buffer overflow in ArduinoJson when parsing crafted JSON strings
From: cve-assign () mitre org
Date: Tue, 16 Jun 2015 05:44:50 -0400 (EDT)
https://github.com/bblanchon/ArduinoJson/commit/5e7b9ec688d79e7b16ec7064e1d37e8481a31e72
https://github.com/bblanchon/ArduinoJson/blob/master/CHANGELOG.md
https://github.com/bblanchon/ArduinoJson/pull/81

v4.5
Fixed buffer overflow when input contains a backslash followed by a terminator (issue #81)
Upgrading is recommended since previous versions contain a potential security risk.

the pointer will move one more step to
"\\[\]!"
the unescapeChar function will once again move the pointer to:
"\\\[!]"
And, finally, at the beginning of the next cycle
"\\\![]"
Use CVE-2015-4590 for this issue involving improper handling of quoting at the end of a string.

--
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
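The changelog entry quoted in the message describes a backslash immediately followed by the terminator. As an added illustration (not ArduinoJson's code and not part of the original message), here is a minimal in-place unescaping routine in C that stops at that point instead of stepping over the terminator; `extract_string` and `unescape_char` are hypothetical helpers written for this example, and the inputs are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Map the character after a backslash to its value (subset of JSON escapes). */
static char unescape_char(char c) {
    switch (c) {
    case 'b': return '\b';
    case 'f': return '\f';
    case 'n': return '\n';
    case 'r': return '\r';
    case 't': return '\t';
    default:  return c;            /* covers \" \\ and \/ */
    }
}

/* Unescape a string body in place. `s` points just after the opening quote.
 * Returns a pointer just past the closing quote, or NULL when the input
 * ends before the string is closed. */
char *extract_string(char *s) {
    char *rd = s, *wr = s;
    for (;;) {
        char c = *rd++;
        if (c == '\0') return NULL;        /* unterminated string */
        if (c == '"') break;               /* closing quote */
        if (c == '\\') {
            /* A backslash directly before the terminator: stop here instead
             * of consuming the '\0' and reading on past the buffer. */
            if (*rd == '\0') return NULL;
            c = unescape_char(*rd++);
        }
        *wr++ = c;                         /* wr never overtakes rd */
    }
    *wr = '\0';
    return rd;
}

int main(void) {
    /* Constructed inputs: one well-formed, one ending in a lone backslash. */
    char ok[]  = "a\\tb\" tail";
    char bad[] = "abc\\";
    char *end = extract_string(ok);
    printf("ok:  %zu bytes, rest=\"%s\"\n", strlen(ok), end ? end : "(null)");
    printf("bad: %s\n", extract_string(bad) ? "accepted" : "rejected");
    return 0;
}
```
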
Current thread:
- CVE ID Request: Buffer overflow in ArduinoJson when parsing crafted JSON strings Giancarlo Canales (Jun 10)
- Re: CVE ID Request: Buffer overflow in ArduinoJson when parsing crafted JSON strings Giancarlo Canales (Jun 15)
- Re: CVE ID Request: Buffer overflow in ArduinoJson when parsing crafted JSON strings cve-assign (Jun 16)