Fluid Attacks Database

Description

An issue was discovered in json-c from 20200420 (post 0.14 unreleased code) through 0.15-20200726. A stack-buffer-overflow exists in the auxiliary sample program json_parse which is located in the function parseit.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	json-c	=0.15-2 \|\| >=0 <0.15-2+deb11u1	0.15-2+deb11u1
debian 12	json-c	>=0 <0.16-1	0.16-1
debian 13	json-c	>=0 <0.16-1	0.16-1
debian 14	json-c	>=0 <0.16-1	0.16-1

Aliases

1. CVE-2021-322922. NVD-2021-322923. OSV-DEBIAN-2021-322924. OSV-2021-322925. SECURITY-TRACKER-CVE-2021-32292

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.