Comments (2)
No, earlier versions of json-c are not affected by this. Also, given that this is in the json_parse CLI, it doesn't affect anyone that's just using the library APIs, and some packaged versions of json-c might not even install that binary.
from json-c.
To provide a bit more color here, the "vulnerable" code was introduced (on master) on 20200420, but since it's just in the json_parse binary, which is an auxiliary example program, the CVE score is way too high. I'd say that this hardly warrants a CVE at all, but since there is one I've asked for its description to be updated to better reflect what the bug actually was.
Nothing that uses the json-c API is affected by this. The only way it might cause a problem is if someone were to build some service around executing the json_parse binary instead of using the normal API methods.