CVE-2016-4425

Published: 17/05/2016 Updated: 19/05/2016
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

Jansson 2.7 and previous versions allow context-dependent malicious users to cause a denial of service (deep recursion, stack consumption, and crash) via crafted JSON data.

Vulnerable Product

jansson project jansson

Vendor Advisories

Debian Bug report logs - #823238 jansson: CVE-2016-4425: stack exhaustion parsing a JSON file. Package: src:jansson; Maintainer for src:jansson is Alessandro Ghedini <ghedo@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Mon, 2 May 2016 15:45:14 UTC; Severity: important; Tags: fixed-upstream, s ...
Gustavo Grieco discovered that jansson, a C library for encoding, decoding and manipulating JSON data, did not limit the recursion depth when parsing JSON arrays and objects. This could allow remote attackers to cause a denial of service (crash) via stack exhaustion, using crafted JSON data. For the stable distribution (jessie), this problem has be ...
Jansson 2.7 and earlier allows context-dependent attackers to cause a denial of service (deep recursion, stack consumption, and crash) via crafted JSON data ...