Red Hat Bugzilla – Bug 1032311
CVE-2013-6371 json-c: hash collision DoS
Last modified: 2015-11-25 05:04:44 EST
Florian Weimer reported that the hash function in the json-c library was weak, and that parsing smallish JSON strings showed quadratic timing behaviour. This could cause an application linked to the json-c library, and that processes some specially-crafted JSON data, to use excessive amounts of CPU.
This issue was discovered by Florian Weimer of the Red Hat Product Security Team.
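The quadratic behaviour described in the report above, as an added illustration that is not code from json-c or from the reporter: a toy linear-probing table counts key comparisons when every key collides under a weak hash, and again under a seeded hash. The byte-sum hash, the seeded FNV-1a stand-in, the key generator and the table size are all assumptions chosen for the demonstration; production code would use a keyed hash such as SipHash.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define NKEYS 256      /* constructed sample size */
#define NBUCKETS 1021  /* prime table size (assumption) */
typedef uint32_t (*hash_fn)(const char *s, uint32_t seed);

/* Toy weak hash (assumption, NOT json-c's function): plain byte sum. */
static uint32_t weak_hash(const char *s, uint32_t seed) {
    uint32_t h = 0; (void)seed;
    while (*s) h += (unsigned char)*s++;
    return h;
}

/* Seeded FNV-1a, a stand-in for a per-process randomized hash. */
static uint32_t seeded_hash(const char *s, uint32_t seed) {
    uint32_t h = 2166136261u ^ seed;
    while (*s) { h ^= (unsigned char)*s++; h *= 16777619u; }
    return h;
}

/* Constructed keys: four letters whose byte sum is identical for every i. */
static void make_key(int i, char out[5]) {
    int a = i / 16, b = i % 16;
    out[0] = (char)('a' + a); out[1] = (char)('p' - a);
    out[2] = (char)('a' + b); out[3] = (char)('p' - b); out[4] = '\0';
}

/* Insert NKEYS keys with linear probing; return total key comparisons. */
static unsigned long count_comparisons(hash_fn h, uint32_t seed) {
    static char table[NBUCKETS][5];
    unsigned long cmps = 0;
    memset(table, 0, sizeof table);
    for (int i = 0; i < NKEYS; i++) {
        char key[5];
        make_key(i, key);
        uint32_t slot = h(key, seed) % NBUCKETS;
        while (table[slot][0] != '\0') {               /* occupied slot */
            cmps++;
            if (strcmp(table[slot], key) == 0) break;  /* duplicate key */
            slot = (slot + 1) % NBUCKETS;
        }
        memcpy(table[slot], key, 5);
    }
    return cmps;
}
int main(void) {
    printf("weak: %lu, seeded: %lu comparisons\n", count_comparisons(weak_hash, 0),
           count_comparisons(seeded_hash, 0x9e3779b9u));
    return 0;
}
```

With the byte-sum hash, all 256 keys land in one probe sequence, so the i-th insert walks past every earlier key: n(n-1)/2 comparisons in total. Under the seeded hash the same keys spread across the table and the count stays roughly proportional to n.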
Created json-c tracking bugs for this issue:
Affects: fedora-all [bug 1085676]
Affects: epel-all [bug 1085677]
json-c-0.11-6.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
json-c-0.11-6.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2014:0703 https://rhn.redhat.com/errata/RHSA-2014-0703.html