Fluid Attacks Database

Description

Jansson, possibly 2.4 and earlier, does not restrict the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted JSON document.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	jansson	>=0 <2.6-1	2.6-1
debian 13	jansson	>=0 <2.6-1	2.6-1
debian 11	jansson	>=0 <2.6-1	2.6-1
debian 14	jansson	>=0 <2.6-1	2.6-1

Aliases

1. CVE-2013-64012. NVD-2013-64013. OSV-DEBIAN-2013-64014. OSV-2013-64015. SECURITY-TRACKER-CVE-2013-6401

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.