Gustavo Grieco discovered that jansson, a C library for encoding, decoding and manipulating JSON data, did not limit the recursion depth when parsing JSON arrays and objects. This could allow remote attackers to cause a denial of service (crash) via stack exhaustion, using crafted JSON data. For the stable distribution (jessie), this problem has been fixed in version 2.7-1+deb8u1. For the unstable distribution (sid), this problem has been fixed in version 2.7-5. We recommend that you upgrade your jansson packages.
Gustavo Grieco discovered that jansson, a C library for encoding, decoding and manipulating JSON data, did not limit the recursion depth when parsing JSON arrays and objects. This could allow remote attackers to cause a denial of service (crash) via stack exhaustion, using crafted JSON data.
For the stable distribution (jessie), this problem has been fixed in version 2.7-1+deb8u1.
For the unstable distribution (sid), this problem has been fixed in version 2.7-5.
We recommend that you upgrade your jansson packages.