jansson: stack exhaustion parsing a JSON file (CVE-2016-4425)
Jansson 2.7 and earlier allows context-dependent attackers to cause a denial of service (deep recursion, stack consumption, and crash) via crafted JSON data.
References:
http://www.openwall.com/lists/oss-security/2016/05/01/5
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4425
Patch:
https://github.com/akheron/jansson/commit/64ce0ad3731ebd77e02897b07920eadd0e2cc318
(from redmine: issue id 5789, created on 2016-06-24, closed on 2016-07-07)
- Relations:
  - child #5790 (closed)
  - child #5791 (closed)
  - child #5792 (closed)
  - child #5793 (closed)
  - child #5794 (closed)
- Changesets:
  - Revision 36ab20a1 by Natanael Copa on 2016-06-24T12:15:50Z:

        main/jansson: security fix for CVE-2016-4425

        fixes #5789
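
An added example, not part of the original issue or of the Jansson code base: a non-recursive pre-check in C that measures array/object nesting depth, so that input can be rejected before it reaches a recursive parser such as an unpatched Jansson. The limit `MAX_NESTING`, the function names `json_max_depth` and `make_nested`, and the sample input are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_NESTING 2048  /* assumed limit for this example */
/* Deepest array/object nesting in buf, or -1 once it exceeds limit. */
long json_max_depth(const char *buf, size_t len, long limit)
{
    long depth = 0, deepest = 0;
    int in_string = 0;              /* brackets inside strings do not count */
    for (size_t i = 0; i < len; i++) {   /* a loop, so no stack growth */
        char c = buf[i];
        if (in_string) {
            if (c == '\\')
                i++;                /* skip the escaped character */
            else if (c == '"')
                in_string = 0;
        } else if (c == '"') {
            in_string = 1;
        } else if (c == '[' || c == '{') {
            if (++depth > limit)
                return -1;          /* reject before a recursive parser runs */
            if (depth > deepest)
                deepest = depth;
        } else if ((c == ']' || c == '}') && depth > 0) {
            depth--;
        }
    }
    return deepest;
}

/* Constructed sample input: n opening brackets, then n closing ones. */
char *make_nested(size_t n)
{
    char *s = calloc(2 * n + 1, 1);
    if (s != NULL) {
        memset(s, '[', n);
        memset(s + n, ']', n);
    }
    return s;
}

int main(void)
{
    char *deep = make_nested(100000);
    if (deep != NULL)
        printf("%ld\n", json_max_depth(deep, strlen(deep), MAX_NESTING));
    free(deep);
    return 0;
}
```

The scan checks nesting only, not JSON validity, so accepted input still needs a real parser afterwards.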