Fluid Attacks Database

Description

An issue was discovered in Jansson through 2.13.1. Due to a parsing error in json_loads, there's an out-of-bounds read-access bug. NOTE: the vendor reports that this only occurs when a programmer fails to follow the API specification

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 14	jansson	=2.14-2	-
alpine v3.17	jansson	>=0 <0	0
debian 11	jansson	=2.13.1-1.1 \|\| =2.14-1 \|\| =2.14-2	-
alpine v3.13	jansson	>=0 <0	0
alpine v3.10	jansson	>=0 <0	0
alpine v3.11	jansson	>=0 <0	0
alpine v3.14	jansson	>=0 <0	0
alpine v3.15	jansson	>=0 <0	0
alpine v3.16	jansson	>=0 <0	0
alpine v3.18	jansson	>=0 <0	0

1-10 of 18

Aliases

1. CVE-2020-363252. NVD-2020-363253. OSV-DEBIAN-2020-363254. OSV-2020-363255. OSV-ALPINE-2020-363256. SECURITY-TRACKER-CVE-2020-363257. SECURITY-CVE-2020-36325

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.