CVE-2020-12762

NameCVE-2020-12762
Descriptionjson-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-2228-1, DLA-2228-2, DLA-2301-1, DSA-4741-1
NVD severitymedium
Debian Bugs960326

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
json-c (PTS)stretch0.12.1-1.1vulnerable
stretch (security)0.12.1-1.1+deb9u1fixed
buster, buster (security)0.12.1+ds-2+deb10u1fixed
bullseye, sid0.15-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
json-csourcejessie0.11-4+deb8u2DLA-2228-2
json-csourcestretch0.12.1-1.1+deb9u1DLA-2301-1
json-csourcebuster0.12.1+ds-2+deb10u1DSA-4741-1
json-csource(unstable)0.13.1+dfsg-8960326

Notes

https://github.com/json-c/json-c/pull/592
https://github.com/json-c/json-c/commit/099016b7e8d70a6d5dd814e788bba08d33d48426
https://github.com/json-c/json-c/commit/77d935b7ae7871a1940cd827e850e6063044ec45
https://github.com/json-c/json-c/commit/d07b91014986900a3a75f306d302e13e005e9d67
https://github.com/json-c/json-c/commit/519dfe1591d85432986f9762d41d1a883198c157
https://github.com/json-c/json-c/commit/a59d5acfab4485d5133114df61785b1fc633e0c6
d07b91014986 ("Fix integer overflows.") introduces a regression tracked as:
https://github.com/json-c/json-c/issues/599
https://github.com/json-c/json-c/pull/610
Working backports for older branches: https://github.com/json-c/json-c/pull/608

Search for package or bug name: Reporting problems