[v2.7] json-c: hash collision DoS and buffer overflow (CVE-2013-6371 CVE-2013-6370)
Florian Weimer reported that the printbuf APIs used in the json-c library used ints for counting buffer lengths, which is inappropriate for 32-bit architectures. These functions need to be changed to use size_t if possible for sizes, or to be hardened against negative values if not. This could be used to cause a denial of service in an application linked to the json-c library (CVE-2013-6370).
Florian Weimer reported that the hash function in the json-c library was weak, and that parsing smallish JSON strings showed quadratic timing behaviour. This could cause an application linked to the json-c library, and that processes some specially-crafted JSON data, to use excessive amounts of CPU (CVE-2013-6371).
http://lwn.net/Vulnerabilities/595049/
http://openwall.com/lists/oss-security/2014/04/09/9
COMMIT:
https://github.com/json-c/json-c/commit/64e36901a0614bf64a19bc3396469c66dcd0b015
https://bugs.mageia.org/show_bug.cgi?id=13179
(from redmine: issue id 2849, created on 2014-04-18, closed on 2014-04-21)
- Changesets:
- Revision 14cbf734 by Natanael Copa on 2014-04-18T16:08:41Z:
main/json-c: security upgrade to 0.12 (CVE-2013-6371,CVE-2013-6370)
ref #2849
- Revision 7c6f59eb by Natanael Copa on 2014-04-18T16:26:04Z:
main/json-c: security upgrade to 0.12 (CVE-2013-6371,CVE-2013-6370)
fixes #2849
(cherry picked from commit 14cbf73416b6e1d6839c573967901260e464deb2)
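
The length hardening the CVE-2013-6370 report asks for (reject negative values, check the bound before doing int arithmetic), as an added sketch that is not json-c's code. `struct sbuf`, `sbuf_reserve` and `sbuf_append` are hypothetical names for a printbuf-like buffer that still keeps its lengths in int.

```c
#include <limits.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable buffer that tracks lengths in int,
 * as the report describes. Not json-c's actual struct. */
struct sbuf {
    char *buf;
    int   pos;   /* bytes used, excluding the trailing NUL */
    int   cap;   /* bytes allocated */
};

/* Grow to at least min_cap bytes. Returns 0 on success, -1 on error. */
static int sbuf_reserve(struct sbuf *b, int min_cap)
{
    if (min_cap < 0)
        return -1;
    if (min_cap <= b->cap)
        return 0;
    /* Double the capacity, but never let the doubling wrap past INT_MAX. */
    int new_cap = (b->cap > INT_MAX / 2) ? min_cap : b->cap * 2;
    if (new_cap < min_cap)
        new_cap = min_cap;
    if (new_cap < 16)
        new_cap = 16;
    char *p = realloc(b->buf, (size_t)new_cap);
    if (p == NULL)
        return -1;
    b->buf = p;
    b->cap = new_cap;
    return 0;
}

/* Append len bytes plus a NUL. Returns len on success, -1 on error.
 * The bound is tested by subtraction, so pos + len + 1 is only
 * computed once it is known to fit in an int. */
int sbuf_append(struct sbuf *b, const char *data, int len)
{
    if (len < 0 || b->pos < 0)
        return -1;                      /* negative sizes are rejected */
    if (len > INT_MAX - b->pos - 1)
        return -1;                      /* pos + len + 1 would overflow */
    if (sbuf_reserve(b, b->pos + len + 1) != 0)
        return -1;
    memcpy(b->buf + b->pos, data, (size_t)len);
    b->pos += len;
    b->buf[b->pos] = '\0';
    return len;
}
```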