CVE-2020-12762

Published: 09/05/2020 Updated: 07/11/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

json-c up to and including 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.

Vulnerable Product

json-c json-c

fedoraproject fedora 30

fedoraproject fedora 31

fedoraproject fedora 32

debian debian linux 8.0

debian debian linux 9.0

debian debian linux 10.0

canonical ubuntu linux 18.04

canonical ubuntu linux 14.04

canonical ubuntu linux 19.10

canonical ubuntu linux 20.04

canonical ubuntu linux 16.04

canonical ubuntu linux 12.04

siemens sinec ins 1.0

siemens sinec ins -

Vendor Advisories

Debian Bug report logs - #960326 json-c: CVE-2020-12762. Package: src:json-c; Maintainer for src:json-c is Debian QA Group <packages@qa.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Mon, 11 May 2020 19:57:01 UTC; Severity: grave; Tags: security, upstream; Found in version json-c/0131+dfsg-7 ...
json-c could be made to execute arbitrary code if it received a specially crafted JSON file ...
Tobias Stoeckmann discovered an integer overflow in the json-c JSON library, which could result in denial of service or potentially the execution of arbitrary code if large malformed JSON files are processed. For the stable distribution (buster), this problem has been fixed in version 0121+ds-2+deb10u1. We recommend that you upgrade your json-c p ...
json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend (CVE-2020-12762) ...
Synopsis: Moderate: libfastjson security update. Type/Severity: Security Advisory: Moderate. Topic: An update for libfastjson is now available for Red Hat Enterprise Linux 88 Extended Update Support. Red Hat Product Security ha ...
Synopsis: Moderate: libfastjson security update. Type/Severity: Security Advisory: Moderate. Topic: An update for libfastjson is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as hav ...
Synopsis: Moderate: libfastjson security update. Type/Severity: Security Advisory: Moderate. Topic: An update for libfastjson is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as hav ...
Synopsis: Moderate: Red Hat OpenShift Data Foundation 41210 Bug Fix Update. Type/Severity: Security Advisory: Moderate. Topic: Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 41210 on Red Hat Enterprise Linux 8 from Red Hat Container Registry. Description: Red Hat OpenShift Data Foundation is softw ...
Synopsis: Moderate: Gatekeeper Operator v02 security updates and bug fixes. Type/Severity: Security Advisory: Moderate. Topic: Gatekeeper Operator v02. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available f ...
Synopsis: Important: Red Hat OpenShift GitOps security update. Type/Severity: Security Advisory: Important. Topic: An update for openshift-gitops-applicationset-container, openshift-gitops-container, openshift-gitops-kam-delivery-container, and openshift-gitops-operator-container is now available for Red Hat OpenShift GitOps 12 (GitOps v122). Re ...
Synopsis: Moderate: Release of OpenShift Serverless 1200. Type/Severity: Security Advisory: Moderate. Topic: Release of OpenShift Serverless 1200. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available fo ...
Synopsis: Moderate: Red Hat OpenShift distributed tracing 210 security update. Type/Severity: Security Advisory: Moderate. Topic: An update is now available for Red Hat OpenShift distributed tracing 21. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, ...
Synopsis: Important: Release of containers for OSP 162 director operator tech preview. Type/Severity: Security Advisory: Important. Topic: Red Hat OpenStack Platform 162 (Train) director Operator containers are available for technology preview. Description: Release osp-director-operator images. Security Fix(es): golang: net/http: limit growth of h ...
Synopsis: Moderate: Red Hat Advanced Cluster Management 2211 security updates and bug fixes. Type/Severity: Security Advisory: Moderate. Topic: Red Hat Advanced Cluster Management for Kubernetes 2211 General Availability release images, which provide one or more container updates and bug fixes. Red Hat Product Security has rated this update as ...
Synopsis: Moderate: Migration Toolkit for Containers (MTC) 154 security update. Type/Severity: Security Advisory: Moderate. Topic: The Migration Toolkit for Containers (MTC) 154 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which g ...
A flaw was found in json-c. In printbuf_memappend, certain crafted values can overflow the memory allowing an attacker to write past the memory boundary. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability (CVE-2020-12762) ...
A flaw was found in json-c. In printbuf_memappend, certain crafted values can overflow the memory allowing an attacker to write past the memory boundary. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability ...