Vulnerabilities > CVE-2020-12762 - Integer Overflow or Wraparound vulnerability in multiple products

047910
CVSS 7.8 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH

Summary

json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Forced Integer Overflow
    This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.

Nessus

  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2020-1_0-0298_JSON.NASL
    descriptionAn update of the json package has been released.
    last seen2020-06-12
    modified2020-06-10
    plugin id137320
    published2020-06-10
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/137320
    titlePhoton OS 1.0: Json PHSA-2020-1.0-0298
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_ABC3EF3795D411EA900425FADB81ABF4.NASL
    descriptionTobias Stockmann reports : I have discovered a way to trigger an out of boundary write while parsing a huge json file through a malicious input source. It can be triggered if an attacker has control over the input stream or if a huge load during filesystem operations can be triggered.
    last seen2020-05-21
    modified2020-05-15
    plugin id136635
    published2020-05-15
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136635
    titleFreeBSD : json-c -- integer overflow and out-of-bounds write via a large JSON file (abc3ef37-95d4-11ea-9004-25fadb81abf4)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2020-7EB7EAC270.NASL
    description - Fix CVE-2020-12762. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-06
    modified2020-05-28
    plugin id136936
    published2020-05-28
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136936
    titleFedora 31 : json-c (2020-7eb7eac270)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2020-2_0-0249_JSON.NASL
    descriptionAn update of the json package has been released.
    last seen2020-06-10
    modified2020-06-06
    plugin id137192
    published2020-06-06
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/137192
    titlePhoton OS 2.0: Json PHSA-2020-2.0-0249
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2020-847AD856AB.NASL
    description - Fix CVE-2020-12762. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-31
    modified2020-05-26
    plugin id136841
    published2020-05-26
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136841
    titleFedora 30 : json-c (2020-847ad856ab)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1605.NASL
    descriptionAccording to the version of the json-c package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.(CVE-2020-12762) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-06
    modified2020-06-02
    plugin id137023
    published2020-06-02
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/137023
    titleEulerOS 2.0 SP5 : json-c (EulerOS-SA-2020-1605)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4360-1.NASL
    descriptionIt was discovered that json-c incorrectly handled certain JSON files. An attacker could possibly use this issue to execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-21
    modified2020-05-15
    plugin id136663
    published2020-05-15
    reporterUbuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136663
    titleUbuntu 16.04 LTS / 18.04 LTS / 19.10 / 20.04 : json-c vulnerability (USN-4360-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1582.NASL
    descriptionAccording to the version of the json-c packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.(CVE-2020-12762) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-31
    modified2020-05-26
    plugin id136860
    published2020-05-26
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136860
    titleEulerOS 2.0 SP8 : json-c (EulerOS-SA-2020-1582)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-2228.NASL
    descriptionThe json-c shared library had an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend. This follow-up version now uses an upstream sanctioned patch that was specifically published for json-c 0.11, rather than a self-backported patch. For Debian 8
    last seen2020-06-06
    modified2020-06-01
    plugin id136984
    published2020-06-01
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136984
    titleDebian DLA-2228-2 : json-c regression update
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4360-4.NASL
    descriptionUSN-4360-1 fixed a vulnerability in json-c. The security fix introduced a memory leak that was reverted in USN-4360-2 and USN-4360-3. This update provides the correct fix update for CVE-2020-12762. Original advisory details : It was discovered that json-c incorrectly handled certain JSON files. An attacker could possibly use this issue to execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-06
    modified2020-05-29
    plugin id136964
    published2020-05-29
    reporterUbuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136964
    titleUbuntu 16.04 LTS / 18.04 LTS / 19.10 / 20.04 : json-c vulnerability (USN-4360-4)

References