ID

VAR-202005-0397

CVE

CVE-2020-12762

TITLE

json-c  Out-of-bounds write vulnerability in

DESCRIPTION

json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend. (DoS) It may be in a state. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: json-c security and bug fix update Advisory ID: RHSA-2021:4382-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:4382 Issue date: 2021-11-09 CVE Names: CVE-2020-12762 ==================================================================== 1. Summary: An update for json-c is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux CRB (v. 8) - noarch 3. Description: JSON-C implements a reference counting object model that allows users to easily construct JavaScript Object Notation (JSON) objects in C, output them as JSON formatted strings, and parse JSON formatted strings back into the C representation of JSON objects. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Package List: Red Hat Enterprise Linux AppStream (v. 8): aarch64: json-c-debuginfo-0.13.1-2.el8.aarch64.rpm json-c-debugsource-0.13.1-2.el8.aarch64.rpm json-c-devel-0.13.1-2.el8.aarch64.rpm ppc64le: json-c-debuginfo-0.13.1-2.el8.ppc64le.rpm json-c-debugsource-0.13.1-2.el8.ppc64le.rpm json-c-devel-0.13.1-2.el8.ppc64le.rpm s390x: json-c-debuginfo-0.13.1-2.el8.s390x.rpm json-c-debugsource-0.13.1-2.el8.s390x.rpm json-c-devel-0.13.1-2.el8.s390x.rpm x86_64: json-c-debuginfo-0.13.1-2.el8.i686.rpm json-c-debuginfo-0.13.1-2.el8.x86_64.rpm json-c-debugsource-0.13.1-2.el8.i686.rpm json-c-debugsource-0.13.1-2.el8.x86_64.rpm json-c-devel-0.13.1-2.el8.i686.rpm json-c-devel-0.13.1-2.el8.x86_64.rpm Red Hat Enterprise Linux BaseOS (v. 8): Source: json-c-0.13.1-2.el8.src.rpm aarch64: json-c-0.13.1-2.el8.aarch64.rpm json-c-debuginfo-0.13.1-2.el8.aarch64.rpm json-c-debugsource-0.13.1-2.el8.aarch64.rpm ppc64le: json-c-0.13.1-2.el8.ppc64le.rpm json-c-debuginfo-0.13.1-2.el8.ppc64le.rpm json-c-debugsource-0.13.1-2.el8.ppc64le.rpm s390x: json-c-0.13.1-2.el8.s390x.rpm json-c-debuginfo-0.13.1-2.el8.s390x.rpm json-c-debugsource-0.13.1-2.el8.s390x.rpm x86_64: json-c-0.13.1-2.el8.i686.rpm json-c-0.13.1-2.el8.x86_64.rpm json-c-debuginfo-0.13.1-2.el8.i686.rpm json-c-debuginfo-0.13.1-2.el8.x86_64.rpm json-c-debugsource-0.13.1-2.el8.i686.rpm json-c-debugsource-0.13.1-2.el8.x86_64.rpm Red Hat Enterprise Linux CRB (v. 8): noarch: json-c-doc-0.13.1-2.el8.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-12762 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/ 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYYrej9zjgjWX9erEAQiU1g//YzM77GdfeN9wtXjfeQ400cw5AsR8XjOm 3eS4kMuwlN0w5reO9n3OnPs3SCZVDcoRmPJ1Z71eK796SyczEzfItkB8HVpPIL2E c8QfOQ1a2m/Izws30u8/xASfY3JXEWFeX5Pip7OrQ8T+6BhpsYEMzD7zC6aPXgzw g7T87IaVa1WPsORtd/KvDivVGBLt9jwzvjbJAOmRQ0ccWC9ylsjqXiuvDzFlyL+h R0tSJXyNDFebOwwAY5cJ0Go1NjlGC61K0SgB/S/WnQyqKcqN6kss/1fFCjGs/wvy Z52AMuB1BeOjPdxPydwErGjtl7qxn0ygpKwxKsHJwbhYpuUEBhkn6LG998y9QBVj gQDuySEzrR+0j1Tg579g/z1fvtbvXCU0/Wt01uoeWJlyKVR4B8dJAV4NHLFXoon8 Uw+dlJFvFPlu0LERlaYquQJ0FksWZH9G+3mrVo2F9X8IOMint0zNe+X+mE7zuhOX qluAe5stgV5BNtXkboSmt3R4mk4suNbgexZvyC9cMeIY+A2GNB4NHcVtwPVSs4Bg QG2SPVqwXL73ViKAS9YSof9uSY2hRXqSKs+BRnIVxKZS0EzFybv76NQtmx7NjZlG JUkHfT/W9UnTxfgmrDs6xYUKNCs6lyvkTmBfGf0+S+CLTToVImr9DPN/EO2r+/xS A4oHKkiq9g8\x8eca -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Solution: For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update: https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html For Red Hat OpenShift Logging 5.1, see the following instructions to apply this update: https://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html 4. Bugs fixed (https://bugzilla.redhat.com/): 1944888 - CVE-2021-21409 netty: Request smuggling via content-length header 2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data 2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way 2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value 5. JIRA issues fixed (https://issues.jboss.org/): LOG-1971 - Applying cluster state is causing elasticsearch to hit an issue and become unusable 6. The following data is constructed from data provided by Red Hat's json file at: https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_6431.json Red Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment. Description: Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Bugs fixed (https://bugzilla.redhat.com/): 2050826 - CVE-2022-24348 gitops: Path traversal and dereference of symlinks when passing Helm value files 5. ========================================================================= Ubuntu Security Notice USN-4360-1 May 14, 2020 json-c vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS - Ubuntu 19.10 - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 ESM - Ubuntu 12.04 ESM Summary: json-c could be made to execute arbitrary code if it received a specially crafted JSON file. An attacker could possibly use this issue to execute arbitrary code. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS: libjson-c4 0.13.1+dfsg-7ubuntu0.1 Ubuntu 19.10: libjson-c4 0.13.1+dfsg-4ubuntu0.1 Ubuntu 18.04 LTS: libjson-c3 0.12.1-1.3ubuntu0.1 Ubuntu 16.04 LTS: libjson-c2 0.11-4ubuntu2.1 libjson0 0.11-4ubuntu2.1 Ubuntu 14.04 ESM: libjson-c2 0.11-3ubuntu1.2+esm1 libjson0 0.11-3ubuntu1.2+esm1 Ubuntu 12.04 ESM: libjson0 0.9-1ubuntu1.2 In general, a standard system update will make all the necessary changes. Bugs fixed (https://bugzilla.redhat.com/): 1992006 - CVE-2021-29923 golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet 1995656 - CVE-2021-36221 golang: net/http/httputil: panic due to racy read of persistConn after handler panic 5

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

TYPE

overflow

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Red Hat

SOURCES

LAST UPDATE DATE

2026-03-25T21:14:53.212000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE