Project

General

Profile

Actions

Todo #10609

closed

Fix for CVE-2020-12762 (CVSS 3: 7.8) - json-c integer overflow and out-of-bounds write

Added by e 1/1 almost 2 years ago. Updated almost 2 years ago.

Status:
Resolved
Priority:
Normal
Category:
Operating System
Target version:
Start date:
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:

Description

Running "pkg audit -F" on a 2.4.5-RELEASE box yields:

Fetching vuln.xml.bz2: 100% 853 KiB 873.2kB/s 00:01
json-c-0.13.1_1 is vulnerable:
json-c -- integer overflow and out-of-bounds write via a large JSON file
CVE: CVE-2020-12762
WWW: https://vuxml.FreeBSD.org/freebsd/abc3ef37-95d4-11ea-9004-25fadb81abf4.html

Version 0.14 is available for FreeBSD 11 and 12 - https://www.freshports.org/devel/json-c/

Actions #1

Updated by Jim Pingle almost 2 years ago

  • Assignee set to Renato Botelho
  • Target version set to 2.4.5-p1
Actions #2

Updated by Renato Botelho almost 2 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100

Version 0.14 cherry-picked

Actions #3

Updated by Jim Pingle almost 2 years ago

  • Status changed from Feedback to Resolved

New version is present in the staging repo.

Actions

Also available in: Atom PDF