REDHAT-BUG-1032311: Medium severity red hat json-c vulnerability
Florian Weimer reported that the hash function in the json-c library was weak, and that parsing smallish JSON strings showed quadratic timing behaviour. This could cause an application linked to the json-c library, and that processes some specially-crafted JSON data, to use excessive amounts of CPU.
Acknowledgements:
This issue was discovered by Florian Weimer of the Red Hat Product Security Team.
Affected Software
Event History
Frequently Asked Questions
What is the vulnerability associated with REDHAT-BUG-1032311?
REDHAT-BUG-1032311 identifies a weakness in the hash function of the json-c library, causing quadratic timing behavior when parsing smallish JSON strings.
How can the issue in REDHAT-BUG-1032311 affect applications?
Applications linked to the json-c library can experience excessive CPU usage when processing specially-crafted JSON data due to the vulnerability.
What versions of json-c are affected by REDHAT-BUG-1032311?
The specific versions of json-c affected by REDHAT-BUG-1032311 have not been detailed, but any application utilizing the vulnerable library may be at risk.
How do I mitigate the impact of REDHAT-BUG-1032311?
To mitigate the impact of REDHAT-BUG-1032311, update to a patched version of the json-c library that addresses the weakness.
Is REDHAT-BUG-1032311 classified as critical?
REDHAT-BUG-1032311 may not be classified as critical, but it poses a significant performance risk due to excessive CPU consumption.