oss-sec mailing list archives
Re: CVE Request: Jansson: stack exhaustion parsing a JSON file
From: Gustavo Grieco <gustavo.grieco () gmail com>
Date: Tue, 3 May 2016 15:42:27 +0200
2016-05-02 14:46 GMT+02:00 <cve-assign () mitre org>:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256https://github.com/akheron/jansson/issues/282It takes a less than 100kb json file to crash the library, which is bad if you are receiving untrusted inputs.https://github.com/akheron/jansson/blob/master/README.rst Jansson is a C library for encoding, decoding and manipulating JSONdata. Use CVE-2016-4425.
It was fixed here: https://github.com/akheron/jansson/pull/284
Current thread:
- CVE Request: Jansson: stack exhaustion parsing a JSON file Gustavo Grieco (May 01)
- Re: CVE Request: Jansson: stack exhaustion parsing a JSON file cve-assign (May 02)
- Re: CVE Request: Jansson: stack exhaustion parsing a JSON file Gustavo Grieco (May 03)
- Re: CVE Request: Jansson: stack exhaustion parsing a JSON file cve-assign (May 02)