CVE-2020-12762

NameCVE-2020-12762
Descriptionjson-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-2228-1, DLA-2228-2, DLA-2301-1, DLA-3461-1, DSA-4741-1
Debian Bugs960326, 1035302

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
json-c (PTS)buster, buster (security)0.12.1+ds-2+deb10u1fixed
bullseye (security), bullseye0.15-2+deb11u1fixed
bookworm0.16-2fixed
trixie, sid0.17-1fixed
libfastjson (PTS)buster0.99.8-2vulnerable
buster (security)0.99.8-2+deb10u1fixed
bullseye0.99.9-1vulnerable
trixie, sid, bookworm1.2304.0-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
json-csourcejessie0.11-4+deb8u2DLA-2228-2
json-csourcestretch0.12.1-1.1+deb9u1DLA-2301-1
json-csourcebuster0.12.1+ds-2+deb10u1DSA-4741-1
json-csource(unstable)0.13.1+dfsg-8960326
libfastjsonsourcebuster0.99.8-2+deb10u1DLA-3461-1
libfastjsonsource(unstable)1.2304.0-11035302

Notes

[bullseye] - libfastjson <no-dsa> (Minor issue)
https://github.com/json-c/json-c/pull/592
https://github.com/json-c/json-c/commit/099016b7e8d70a6d5dd814e788bba08d33d48426
https://github.com/json-c/json-c/commit/77d935b7ae7871a1940cd827e850e6063044ec45
https://github.com/json-c/json-c/commit/d07b91014986900a3a75f306d302e13e005e9d67
https://github.com/json-c/json-c/commit/519dfe1591d85432986f9762d41d1a883198c157
https://github.com/json-c/json-c/commit/a59d5acfab4485d5133114df61785b1fc633e0c6
d07b91014986 ("Fix integer overflows.") introduces a regression tracked as:
https://github.com/json-c/json-c/issues/599
https://github.com/json-c/json-c/pull/610
Working backports for older branches: https://github.com/json-c/json-c/pull/608
https://github.com/rsyslog/libfastjson/issues/161
Search for package or bug name: Reporting problems