Vulnerabilities > CVE-2020-12762 - Integer Overflow or Wraparound vulnerability in multiple products
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | Json-C
| 17 |
Application | 3 | |
OS | 3 | |
OS | 3 | |
OS | 6 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Forced Integer Overflow This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.
Nessus
NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2020-1_0-0298_JSON.NASL description An update of the json package has been released. last seen 2020-06-12 modified 2020-06-10 plugin id 137320 published 2020-06-10 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/137320 title Photon OS 1.0: Json PHSA-2020-1.0-0298 NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_ABC3EF3795D411EA900425FADB81ABF4.NASL description Tobias Stockmann reports : I have discovered a way to trigger an out of boundary write while parsing a huge json file through a malicious input source. It can be triggered if an attacker has control over the input stream or if a huge load during filesystem operations can be triggered. last seen 2020-05-21 modified 2020-05-15 plugin id 136635 published 2020-05-15 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136635 title FreeBSD : json-c -- integer overflow and out-of-bounds write via a large JSON file (abc3ef37-95d4-11ea-9004-25fadb81abf4) NASL family Fedora Local Security Checks NASL id FEDORA_2020-7EB7EAC270.NASL description - Fix CVE-2020-12762. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-06 modified 2020-05-28 plugin id 136936 published 2020-05-28 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136936 title Fedora 31 : json-c (2020-7eb7eac270) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2020-2_0-0249_JSON.NASL description An update of the json package has been released. last seen 2020-06-10 modified 2020-06-06 plugin id 137192 published 2020-06-06 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/137192 title Photon OS 2.0: Json PHSA-2020-2.0-0249 NASL family Fedora Local Security Checks NASL id FEDORA_2020-847AD856AB.NASL description - Fix CVE-2020-12762. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-31 modified 2020-05-26 plugin id 136841 published 2020-05-26 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136841 title Fedora 30 : json-c (2020-847ad856ab) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2020-1605.NASL description According to the version of the json-c package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.(CVE-2020-12762) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-06 modified 2020-06-02 plugin id 137023 published 2020-06-02 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/137023 title EulerOS 2.0 SP5 : json-c (EulerOS-SA-2020-1605) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-4360-1.NASL description It was discovered that json-c incorrectly handled certain JSON files. An attacker could possibly use this issue to execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-21 modified 2020-05-15 plugin id 136663 published 2020-05-15 reporter Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136663 title Ubuntu 16.04 LTS / 18.04 LTS / 19.10 / 20.04 : json-c vulnerability (USN-4360-1) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2020-1582.NASL description According to the version of the json-c packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.(CVE-2020-12762) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-31 modified 2020-05-26 plugin id 136860 published 2020-05-26 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136860 title EulerOS 2.0 SP8 : json-c (EulerOS-SA-2020-1582) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-2228.NASL description The json-c shared library had an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend. This follow-up version now uses an upstream sanctioned patch that was specifically published for json-c 0.11, rather than a self-backported patch. For Debian 8 last seen 2020-06-06 modified 2020-06-01 plugin id 136984 published 2020-06-01 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136984 title Debian DLA-2228-2 : json-c regression update NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-4360-4.NASL description USN-4360-1 fixed a vulnerability in json-c. The security fix introduced a memory leak that was reverted in USN-4360-2 and USN-4360-3. This update provides the correct fix update for CVE-2020-12762. Original advisory details : It was discovered that json-c incorrectly handled certain JSON files. An attacker could possibly use this issue to execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-06 modified 2020-05-29 plugin id 136964 published 2020-05-29 reporter Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136964 title Ubuntu 16.04 LTS / 18.04 LTS / 19.10 / 20.04 : json-c vulnerability (USN-4360-4)
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
- https://github.com/json-c/json-c/pull/592
- https://github.com/rsyslog/libfastjson/issues/161
- https://lists.debian.org/debian-lts-announce/2020/05/msg00032.html
- https://lists.debian.org/debian-lts-announce/2020/05/msg00034.html
- https://lists.debian.org/debian-lts-announce/2020/07/msg00031.html
- https://lists.debian.org/debian-lts-announce/2023/06/msg00023.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CBR36IXYBHITAZFB5PFBJTED22WO5ONB/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CQQRRGBQCAWNCCJ2HN3W5SSCZ4QGMXQI/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W226TSCJBEOXDUFVKNWNH7ETG7AR6MCS/
- https://security.gentoo.org/glsa/202006-13
- https://security.netapp.com/advisory/ntap-20210521-0001/
- https://usn.ubuntu.com/4360-1/
- https://usn.ubuntu.com/4360-4/
- https://www.debian.org/security/2020/dsa-4741
- https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
- https://www.debian.org/security/2020/dsa-4741
- https://usn.ubuntu.com/4360-4/
- https://usn.ubuntu.com/4360-1/
- https://security.netapp.com/advisory/ntap-20210521-0001/
- https://security.gentoo.org/glsa/202006-13
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W226TSCJBEOXDUFVKNWNH7ETG7AR6MCS/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CQQRRGBQCAWNCCJ2HN3W5SSCZ4QGMXQI/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CBR36IXYBHITAZFB5PFBJTED22WO5ONB/
- https://lists.debian.org/debian-lts-announce/2023/06/msg00023.html
- https://lists.debian.org/debian-lts-announce/2020/07/msg00031.html
- https://lists.debian.org/debian-lts-announce/2020/05/msg00034.html
- https://lists.debian.org/debian-lts-announce/2020/05/msg00032.html
- https://github.com/rsyslog/libfastjson/issues/161
- https://github.com/json-c/json-c/pull/592