REDHAT-BUG-1032322: Medium severity json-c json-c library vulnerability
Florian Weimer reported that the printbuf APIs used in the json-c library used ints for counting buffer lengths, which is inappropriate for 32bit architectures. These functions need to be changed to using sizet if possible for sizes, or to be hardened against negative values if not. This could be used to cause a denial of service in an application linked to the json-c library.
Acknowledgements:
This issue was discovered by Florian Weimer of the Red Hat Product Security Team.
Affected Software
Event History
Frequently Asked Questions
What is the severity of REDHAT-BUG-1032322?
The severity of REDHAT-BUG-1032322 is significant due to potential buffer overflows on 32-bit architectures.
How do I fix REDHAT-BUG-1032322?
To fix REDHAT-BUG-1032322, update the json-c library to a version where the printbuf APIs use size_t for buffer length counts.
What software is affected by REDHAT-BUG-1032322?
The json-c library is affected by REDHAT-BUG-1032322.
Who reported the issue in REDHAT-BUG-1032322?
Florian Weimer reported the issue in REDHAT-BUG-1032322.
What are the implications of REDHAT-BUG-1032322 on 32-bit architectures?
The implications of REDHAT-BUG-1032322 on 32-bit architectures include potential crashes and vulnerabilities due to inappropriate handling of buffer lengths.