Synopsis: Moderate: json-c security update
Advisory ID: SLSA-2014:0703-1
Issue Date: 2014-06-10
CVE Numbers: CVE-2013-6371, CVE-2013-6370
--
Multiple buffer overflow flaws were found in the way the json-c library
handled long strings in JSON documents. An attacker able to make an
application using json-c parse excessively large JSON input could cause
the application to crash. (CVE-2013-6370)

A denial of service flaw was found in the implementation of hash arrays in
json-c. An attacker could use this flaw to make an application using
json-c consume an excessive amount of CPU time by providing a specially
crafted JSON document that triggers multiple hash function collisions. To
mitigate this issue, json-c now uses a different hash function and
randomization to reduce the chance of an attacker successfully causing
intentional collisions. (CVE-2013-6371)
--
SL7
  x86_64
    json-c-0.11-4.el7_0.i686.rpm
    json-c-0.11-4.el7_0.x86_64.rpm
    json-c-debuginfo-0.11-4.el7_0.i686.rpm
    json-c-debuginfo-0.11-4.el7_0.x86_64.rpm
    json-c-devel-0.11-4.el7_0.i686.rpm
    json-c-devel-0.11-4.el7_0.x86_64.rpm
  noarch
    json-c-doc-0.11-4.el7_0.noarch.rpm
- Scientific Linux Development Team
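
To check a host against the package list above, the following added example (not part of the original advisory) compares installed package strings with the fixed build 0.11-4.el7_0. The lines in SAMPLE are constructed, the ordering is a simplified form of RPM's version comparison, and the function names are this example's own.

```python
import re

# Fixed build from the advisory's package list: json-c-0.11-4.el7_0
FIXED_VERSION, FIXED_RELEASE = "0.11", "4.el7_0"
PACKAGES = {"json-c", "json-c-debuginfo", "json-c-devel", "json-c-doc"}

# Constructed input in the default `rpm -qa` format (not from a real host).
SAMPLE = [
    "json-c-0.11-3.el7.x86_64",          # older build
    "json-c-devel-0.11-4.el7_0.x86_64",  # the advisory's build
    "json-c-doc-0.11-4.el7_0.1.noarch",  # hypothetical later rebuild
    "bash-4.2.45-5.el7.x86_64",          # unrelated package
    "gpg-pubkey-00000000-00000000",      # no arch suffix, must be skipped
]

def rpmvercmp(a, b):
    """Simplified RPM ordering (assumes no epoch, tilde or caret): -1, 0 or 1."""
    seg = re.compile(r"\d+|[A-Za-z]+")
    sa, sb = seg.findall(a), seg.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric beats alphabetic
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def parse_nvra(text):
    """Split 'name-version-release.arch[.rpm]' into its four fields."""
    text = text[:-4] if text.endswith(".rpm") else text
    nvr, arch = text.rsplit(".", 1)
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release, arch

def unpatched(installed):
    """Return the json-c packages that are older than the fixed build."""
    stale = []
    for line in map(str.strip, installed):
        try:
            name, version, release, _ = parse_nvra(line)
        except ValueError:
            continue  # not in name-version-release.arch form
        if name in PACKAGES:
            order = rpmvercmp(version, FIXED_VERSION) or rpmvercmp(release, FIXED_RELEASE)
            if order < 0:
                stale.append(line)
    return stale
```

On a Scientific Linux 7 host, pass the lines printed by rpm -qa to unpatched(); an empty result means every installed json-c package is at or above the advisory's build.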