Vulnerabilities > CVE-2020-12762 - Integer Overflow or Wraparound vulnerability in multiple products

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

nessus

NVD

Published: 2020-05-09

Updated: 2023-11-07

Summary

json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.

Vulnerable Configurations

Part	Description	Count
Application	Json-C Json C Json C - Json C Json C 0.1 Json C Json C 0.2 Json C Json C 0.3 Json C Json C 0.4 Json C Json C 0.5 Json C Json C 0.6 Json C Json C 0.7 Json C Json C 0.8 Json C Json C 0.9 Json C Json C 0.10-20120530 Json C Json C 0.11-20130402 Json C Json C 0.12-20140410 Json C Json C 0.12.1-20160607 Json C Json C 0.13-20171207 Json C Json C 0.13.1-20180305 Json C Json C 0.14-20200419	17
Application	Siemens Siemens Sinec INS 1.0 Siemens Sinec INS -	3
OS	Fedoraproject Fedoraproject Fedora 30 Fedoraproject Fedora 31 Fedoraproject Fedora 32	3
OS	Debian Debian Debian Linux 8.0 Debian Debian Linux 9.0 Debian Debian Linux 10.0	3
OS	Canonical Canonical Ubuntu Linux 18.04 Canonical Ubuntu Linux 14.04 Canonical Ubuntu Linux 19.10 Canonical Ubuntu Linux 20.04 Canonical Ubuntu Linux 16.04 Canonical Ubuntu Linux 12.04	6

Common Weakness Enumeration (CWE)

CWE-190 - Integer Overflow or Wraparound

Common Attack Pattern Enumeration and Classification (CAPEC)

Forced Integer Overflow
This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.

Nessus

NASL family	PhotonOS Local Security Checks
NASL id	PHOTONOS_PHSA-2020-1_0-0298_JSON.NASL
description	An update of the json package has been released.
last seen	2020-06-12
modified	2020-06-10
plugin id	137320
published	2020-06-10
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/137320
title	Photon OS 1.0: Json PHSA-2020-1.0-0298

NASL family	FreeBSD Local Security Checks
NASL id	FREEBSD_PKG_ABC3EF3795D411EA900425FADB81ABF4.NASL
description	Tobias Stockmann reports : I have discovered a way to trigger an out of boundary write while parsing a huge json file through a malicious input source. It can be triggered if an attacker has control over the input stream or if a huge load during filesystem operations can be triggered.
last seen	2020-05-21
modified	2020-05-15
plugin id	136635
published	2020-05-15
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/136635
title	FreeBSD : json-c -- integer overflow and out-of-bounds write via a large JSON file (abc3ef37-95d4-11ea-9004-25fadb81abf4)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2020-7EB7EAC270.NASL
description	- Fix CVE-2020-12762. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-06
modified	2020-05-28
plugin id	136936
published	2020-05-28
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/136936
title	Fedora 31 : json-c (2020-7eb7eac270)

NASL family	PhotonOS Local Security Checks
NASL id	PHOTONOS_PHSA-2020-2_0-0249_JSON.NASL
description	An update of the json package has been released.
last seen	2020-06-10
modified	2020-06-06
plugin id	137192
published	2020-06-06
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/137192
title	Photon OS 2.0: Json PHSA-2020-2.0-0249

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2020-847AD856AB.NASL
description	- Fix CVE-2020-12762. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-05-31
modified	2020-05-26
plugin id	136841
published	2020-05-26
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/136841
title	Fedora 30 : json-c (2020-847ad856ab)

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2020-1605.NASL
description	According to the version of the json-c package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.(CVE-2020-12762) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-06
modified	2020-06-02
plugin id	137023
published	2020-06-02
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/137023
title	EulerOS 2.0 SP5 : json-c (EulerOS-SA-2020-1605)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-4360-1.NASL
description	It was discovered that json-c incorrectly handled certain JSON files. An attacker could possibly use this issue to execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-05-21
modified	2020-05-15
plugin id	136663
published	2020-05-15
reporter	Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/136663
title	Ubuntu 16.04 LTS / 18.04 LTS / 19.10 / 20.04 : json-c vulnerability (USN-4360-1)

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2020-1582.NASL
description	According to the version of the json-c packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.(CVE-2020-12762) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-05-31
modified	2020-05-26
plugin id	136860
published	2020-05-26
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/136860
title	EulerOS 2.0 SP8 : json-c (EulerOS-SA-2020-1582)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DLA-2228.NASL
description	The json-c shared library had an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend. This follow-up version now uses an upstream sanctioned patch that was specifically published for json-c 0.11, rather than a self-backported patch. For Debian 8
last seen	2020-06-06
modified	2020-06-01
plugin id	136984
published	2020-06-01
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/136984
title	Debian DLA-2228-2 : json-c regression update

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-4360-4.NASL
description	USN-4360-1 fixed a vulnerability in json-c. The security fix introduced a memory leak that was reverted in USN-4360-2 and USN-4360-3. This update provides the correct fix update for CVE-2020-12762. Original advisory details : It was discovered that json-c incorrectly handled certain JSON files. An attacker could possibly use this issue to execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-06
modified	2020-05-29
plugin id	136964
published	2020-05-29
reporter	Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/136964
title	Ubuntu 16.04 LTS / 18.04 LTS / 19.10 / 20.04 : json-c vulnerability (USN-4360-4)

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

Nessus

References